Abstract

We develop a pre-unification algorithm in the style of Huet for the linear λ-calculus $\lambda^{\to\multimap\&\top}$, which includes intuitionistic functions ($\to$), linear functions ($\multimap$), additive pairing ($\&$), and additive unit ($\top$). This procedure conveniently operates on an efficient representation of $\lambda^{\to\multimap\&\top}$, the spine calculus $S^{\to\multimap\&\top}$, for which we define the concept of weak head-normal form. We prove the soundness and completeness of our algorithm with respect to the proper notion of definitional equality for $\lambda^{\to\multimap\&\top}$ and illustrate the distinctive aspects of linear higher-order unification by means of examples. We also show that, surprisingly, a similar pre-unification algorithm does not exist for certain sublanguages. Applications lie in proof search, logic programming, and logical frameworks based on linear type theories.
1 Introduction


Linear logic [Gir87] enriches more traditional logical formalisms with a notion of consumable resource, which provides direct means for expressing and reasoning about mutable state. Attempts at mechanizing this additional expressive power led to the design of several logic programming languages based on various fragments of linear logic. The only new aspect in the operational semantics of most proposals, such as Lolli [HM94], Lygon [HP94] and Forum [Mil96], concerns the management of linear context formulas [CHP96]. In particular, the instantiation of logical variables relies on the traditional unification algorithms, in their first- or higher-order variants, depending on the language. More recent proposals, such as the language of the linear logical framework LLF [Cer96, CP96] and the system RLF [IP96], introduce linearity not only at the level of formulas, but also within terms. Consequently, implementations of these languages must solve higher-order equations on linear terms in order to instantiate existential variables. In this paper we present a complete algorithm for pre-unification in a linear λ-calculus which conservatively extends the ordinary simply-typed λ-calculus and could be used directly for the above languages.

An example will shed some light on the novel issues brought in by linearity. A rewrite rule $r : t_1 \Rightarrow t_2$ is applicable to a term $t$ if there is an instance of $t_1$ in $t$; then, applying $r$ has the effect of replacing it with $t_2$ (assume $t_1$ and $t_2$ ground, for simplicity). This is often formalized by writing $t = \tau[t_1]$, where the rewriting context $\tau$ is a term containing a unique occurrence of a hole ($[\,]$) so that replacing the hole with $t_1$ yields $t$. We can then express $r$ as the parametric transition $T[t_1] \Rightarrow T[t_2]$, where $T$ is a variable standing for a rewriting context. The applicability of $r$ to a term $t$ reduces to the problem of whether $t$ and the higher-order expression $(T\,t_1)$ are unifiable, where $T$ is viewed as a functional variable. Traditional higher-order unification does not take into consideration the linearity constraint that exactly one occurrence of $t_1$ must be abstracted away from $t$. Indeed, matching $(T\,t_1)$ with $(c\,t_1\,t_1)$ has four solutions:

$$T \leftarrow \lambda x.\, c\,x\,t_1 \qquad T \leftarrow \lambda x.\, c\,t_1\,x \qquad \boxed{T \leftarrow \lambda x.\, c\,t_1\,t_1} \qquad \boxed{T \leftarrow \lambda x.\, c\,x\,x}$$

But the first match in the box does not have any hole (the variable $x$) in it, while the second contains two. Linear unification, on the other hand, correctly returns only the two unboxed solutions. This means also that a natural encoding of a rewrite system based on rewriting contexts in the logical framework LF would have to implement a post-processing phase that filters out non-linear solutions, while this step would be unnecessary in LLF. The problem representation would therefore be more direct and compact in this language.

The introduction of linear term languages in LLF and RLF has been motivated by a number of applications. Linear terms provide a statically checkable notation for natural deductions [IP96] or sequent derivations [CP96] in substructural logics. In the realm of programming languages, linear terms naturally model computations in imperative languages [CP96] or sequences of moves in games [Cer96]. When we want to specify, manipulate, or reason about such objects (which is common in logic and the theory of programming languages), internal linearity constraints are critical in practice (see, for example, the first formalizations of cut-elimination in linear logic and of type preservation for Mini-ML with references [CP96]).

Differently from the first-order case, higher-order unification in Church's simply typed λ-calculus $\lambda^{\to}$ is undecidable and does not admit most general unifiers [Gol81]. Nevertheless, sound and complete (although possibly non-terminating) procedures have been proposed in order to enumerate solutions [JP76]. In particular, Huet's pre-unification algorithm [Hue75] computes unifiers in a non-redundant manner as constraints and has therefore been adopted in the implementation of higher-order logic programming languages [NM88]. Fragments of $\lambda^{\to}$ of practical relevance for which unification is decidable and yields most general unifiers have also been discovered. An example are Miller's higher-order patterns [Mil91], which have been implemented in the higher-order constraint logic programming language Elf [Pfe91a]. Unification in the context of linear λ-calculi has received limited attention in the literature and, to our knowledge, only a restricted fragment of a multiplicative language has been treated [Lev96]. Unification in $\lambda^{\to}$ with linear restrictions on existential variables has been studied in [Pre95].

In this extended abstract, we investigate the unification problem in the linear simply-typed λ-calculus $\lambda^{\to\multimap\&\top}$. We give a pre-unification procedure in the style of Huet and discuss the new sources of non-determinism due to linearity. Moreover, we show that no such algorithm can be devised for linear sublanguages deprived of $\top$ and of the corresponding constructor. $\lambda^{\to\multimap\&\top}$ corresponds, via a natural extension of the Curry-Howard isomorphism, to the fragment of intuitionistic linear logic freely generated from the connectives $\to$, $\multimap$, $\&$ and $\top$, which constitutes the propositional core of Lolli [HM94] and LLF [CP96]. $\lambda^{\to\multimap\&\top}$ is also the simply-typed variant of the term language of LLF and shares similarities with the calculus proposed in [Bar96]. Its theoretical relevance derives from the fact that it is the largest linear λ-calculus that admits unique long $\beta\eta$-normal forms.

The principal contributions of this work are: (1) a first solution to the problem of linear higher-order unification, currently a major obstacle to the implementation of logical frameworks and logic programming languages relying on a linear higher-order term language; (2) the elegant and precise presentation of an extension of Huet's pre-unification procedure as a system of inference rules.

Our presentation is organized as follows. In Section 2, we define $\lambda^{\to\multimap\&\top}$ and introduce the spine calculus $S^{\to\multimap\&\top}$ as an equivalent formulation better suited for our purposes. The pre-unification algorithm is the subject of Section 3, where we define the problem, present our solution and prove its soundness and completeness with respect to the proper notion of equality for $\lambda^{\to\multimap\&\top}$. We study the unification problem in sublanguages of $\lambda^{\to\multimap\&\top}$ and hint at the possibility of a practical implementation in Section 4. In order to facilitate our description in the available space, we must assume the reader familiar with traditional higher-order unification [Hue75] and linear logic [Gir87].


2 A Linear Simply-Typed λ-Calculus

This section defines the simply-typed linear λ-calculus $\lambda^{\to\multimap\&\top}$ (Section 2.1) and presents an equivalent formulation, $S^{\to\multimap\&\top}$ (Section 2.2), which is more convenient for describing and implementing unification. Moreover, we define the notion of (weak) head-normal form for $S^{\to\multimap\&\top}$ (Section 2.3), and discuss equality in this calculus (Section 2.4). We conclude with a technical note about $\eta$-expansion in $S^{\to\multimap\&\top}$ (Section 2.5).

2.1  Basic  Formulation 

The linear simply-typed λ-calculus $\lambda^{\to\multimap\&\top}$ extends Church's $\lambda^{\to}$ with the three type constructors $\multimap$ (multiplicative arrow), $\&$ (additive product) and $\top$ (additive unit), derived from the identically denoted connectives of linear logic. The language of terms is augmented accordingly with constructors and destructors, devised from the natural deduction style inference rules for these connectives. Although not strictly necessary at this level of the description, the inclusion of intuitionistic constants will be convenient in the development of the discussion. We present the resulting grammar in a tabular format that relates each type constructor (left) to the corresponding term operators (center), with constructors preceding destructors. Clearly constants and variables can have any type.

$$\begin{array}{lllll}
\text{Types:} & A ::= a & \text{Terms:} & M ::= c \mid x & \\
& \quad\mid A_1 \to A_2 & & \quad\mid \lambda x{:}A.\,M \mid M_1\,M_2 & \text{(intuitionistic functions)}\\
& \quad\mid A_1 \multimap A_2 & & \quad\mid \hat\lambda x{:}A.\,M \mid M_1\,\hat{}\;M_2 & \text{(linear functions)}\\
& \quad\mid A_1 \,\&\, A_2 & & \quad\mid \langle M_1, M_2\rangle \mid \mathrm{FST}\,M \mid \mathrm{SND}\,M & \text{(additive pairs)}\\
& \quad\mid \top & & \quad\mid \langle\rangle & \text{(additive unit)}
\end{array}$$

As usual, we rely on signatures and contexts to assign types to constants and free variables, respectively.

$$\begin{array}{ll}
\text{Signatures:} & \Sigma ::= \cdot \mid \Sigma, c{:}A\\
\text{Contexts:} & \Gamma ::= \cdot \mid \Gamma, x{:}A
\end{array}$$

Here $x$, $c$ and $a$ range over variables, constants and base types, respectively. In addition to the names displayed above, we will often use $N$, $B$ and $\Delta$ for objects, types and contexts, respectively.

$$\frac{}{\Gamma;\cdot \vdash_{\Sigma, c{:}A} c : A}\;\lambda\_\mathrm{con}\qquad
\frac{}{\Gamma, x{:}A;\cdot \vdash_\Sigma x : A}\;\lambda\_\mathrm{ivar}\qquad
\frac{}{\Gamma; x{:}A \vdash_\Sigma x : A}\;\lambda\_\mathrm{lvar}$$

$$\frac{}{\Gamma;\Delta \vdash_\Sigma \langle\rangle : \top}\;\lambda\_\mathrm{unit}\qquad\text{(no elimination rule for } \top)$$

$$\frac{\Gamma;\Delta \vdash_\Sigma M : A \qquad \Gamma;\Delta \vdash_\Sigma N : B}{\Gamma;\Delta \vdash_\Sigma \langle M, N\rangle : A \,\&\, B}\;\lambda\_\mathrm{pair}\qquad
\frac{\Gamma;\Delta \vdash_\Sigma M : A \,\&\, B}{\Gamma;\Delta \vdash_\Sigma \mathrm{FST}\,M : A}\;\lambda\_\mathrm{fst}\qquad
\frac{\Gamma;\Delta \vdash_\Sigma M : A \,\&\, B}{\Gamma;\Delta \vdash_\Sigma \mathrm{SND}\,M : B}\;\lambda\_\mathrm{snd}$$

$$\frac{\Gamma;\Delta, x{:}A \vdash_\Sigma M : B}{\Gamma;\Delta \vdash_\Sigma \hat\lambda x{:}A.\,M : A \multimap B}\;\lambda\_\mathrm{llam}\qquad
\frac{\Gamma;\Delta' \vdash_\Sigma M : A \multimap B \qquad \Gamma;\Delta'' \vdash_\Sigma N : A}{\Gamma;\Delta', \Delta'' \vdash_\Sigma M\,\hat{}\;N : B}\;\lambda\_\mathrm{lapp}$$

$$\frac{\Gamma, x{:}A;\Delta \vdash_\Sigma M : B}{\Gamma;\Delta \vdash_\Sigma \lambda x{:}A.\,M : A \to B}\;\lambda\_\mathrm{ilam}\qquad
\frac{\Gamma;\Delta \vdash_\Sigma M : A \to B \qquad \Gamma;\cdot \vdash_\Sigma N : A}{\Gamma;\Delta \vdash_\Sigma M\,N : B}\;\lambda\_\mathrm{iapp}$$

Figure 1: Typing in $\lambda^{\to\multimap\&\top}$

The notions of free and bound variables are adapted from $\lambda^{\to}$. As usual, we identify terms that differ only by the name of their bound variables and write $[M/x]N$ for the capture-avoiding substitution of $M$ for $x$ in the term $N$. We require variables and constants to be declared at most once in a context and in a signature, respectively. Since the order in which these declarations occur will be irrelevant in our presentation, we will treat contexts and signatures as multisets (with every element occurring exactly once). We promote "," to denote their union and omit writing "$\cdot$" when unnecessary; when using this notation, in $\Delta, \Delta'$ for example, we shall always assume that the participating multisets $\Delta$ and $\Delta'$ are disjoint.

The typing judgment for $\lambda^{\to\multimap\&\top}$ has the form

$$\Gamma; \Delta \vdash_\Sigma M : A$$

where $\Gamma$ and $\Delta$ are called the intuitionistic and the linear context, respectively. The inference rules for this judgment are displayed in Figure 1. Deleting the terms that appear in them results in the usual rules for the $(\to\multimap\&\top)$ fragment of intuitionistic linear logic [HM94] in a natural deduction formulation. $\lambda^{\to\multimap\&\top}$ and this fragment are related by a form of the Curry-Howard isomorphism.
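To make the resource discipline of Figure 1 concrete, here is an added example (not code from the paper, nor from LLF or any other system cited): a type checker for $\lambda^{\to\multimap\&\top}$ in Python. Instead of guessing how rule $\lambda\_\mathrm{lapp}$ splits $\Delta$ into $\Delta', \Delta''$, it threads the linear context through the term in the input/output style of [CHP96] and records whether a $\langle\rangle$ has been encountered, because $\lambda\_\mathrm{unit}$ lets $\langle\rangle$ absorb any unused resources. The node names, the `sig`/`gamma`/`delta` dictionaries, the `Ill` exception and the sample signature are ours, and bound variables are assumed to have distinct names. Applied to the rewriting-context example of the introduction with the hole $x$ taken as a linear variable, it accepts exactly the two unboxed solutions and rejects the two boxed ones.

```python
"""Added example (not from the paper): a type checker for the rules of Figure 1.
Rule lambda_lapp splits the linear context into Delta', Delta''.  Rather than
guessing the split, the checker threads Delta through the term in the
input/output style of [CHP96]: each call returns the resources it did NOT
consume plus a "slack" flag saying whether a <> was seen, since <> may absorb
any leftover resources (rule lambda_unit).  Bound names are assumed distinct."""
from dataclasses import make_dataclass

def node(name, fields=""):
    return make_dataclass(name, fields.split(), frozen=True)   # structural equality

# Types  A ::= a | A -> B | A -o B | A & B | T
Base, Arrow, Lolli = node("Base", "name"), node("Arrow", "dom cod"), node("Lolli", "dom cod")
With, Top = node("With", "left right"), node("Top")
# Terms  M ::= c | x | \x:A.M | M N | \^x:A.M | M ^ N | <M,N> | FST M | SND M | <>
Const, Var, Unit = node("Const", "name"), node("Var", "name"), node("Unit")
Lam, LLam = node("Lam", "x ty body"), node("LLam", "x ty body")
App, LApp, Pair = node("App", "fn arg"), node("LApp", "fn arg"), node("Pair", "left right")
Fst, Snd = node("Fst", "arg"), node("Snd", "arg")

class Ill(Exception):
    """No typing derivation exists."""

def infer(sig, gamma, delta, M):
    """Synthesize the type of M under signature sig, intuitionistic context gamma
    and *available* linear context delta (dicts from names to types).  Returns
    (type, unconsumed, slack): the names of delta that M left unused, and whether
    a <> inside M may still absorb them."""
    names = frozenset(delta)
    if type(M) is Const:                                   # lambda_con
        return sig[M.name], names, False
    if type(M) is Var:
        if M.name in delta:                                # lambda_lvar: consume x
            return delta[M.name], names - {M.name}, False
        if M.name in gamma:                                # lambda_ivar
            return gamma[M.name], names, False
        raise Ill(f"{M.name} is unbound or already consumed")
    if type(M) is Unit:                                    # lambda_unit: any Delta
        return Top(), names, True
    if type(M) is Lam:                                     # lambda_ilam
        ty, rest, slack = infer(sig, {**gamma, M.x: M.ty}, delta, M.body)
        return Arrow(M.ty, ty), rest, slack
    if type(M) is LLam:                                    # lambda_llam: x used once
        ty, rest, slack = infer(sig, gamma, {**delta, M.x: M.ty}, M.body)
        if M.x in rest and not slack:
            raise Ill(f"linear variable {M.x} is never used")
        return Lolli(M.ty, ty), rest - {M.x}, slack
    if type(M) is App:                                     # lambda_iapp: N typed in Gamma; .
        fty, rest, slack = infer(sig, gamma, delta, M.fn)
        aty, _, _ = infer(sig, gamma, {}, M.arg)
        if type(fty) is not Arrow or fty.dom != aty:
            raise Ill("intuitionistic application: type mismatch")
        return fty.cod, rest, slack
    if type(M) is LApp:                                    # lambda_lapp: N gets what M left
        fty, rest, slack = infer(sig, gamma, delta, M.fn)
        aty, rest, aslack = infer(sig, gamma, {n: delta[n] for n in rest}, M.arg)
        if type(fty) is not Lolli or fty.dom != aty:
            raise Ill("linear application: type mismatch")
        return fty.cod, rest, slack or aslack
    if type(M) is Pair:                                    # lambda_pair: same Delta twice
        lt, r1, s1 = infer(sig, gamma, delta, M.left)
        rt, r2, s2 = infer(sig, gamma, delta, M.right)
        if s1 and s2:
            return With(lt, rt), r1 & r2, True
        if not s1 and not s2:
            if r1 != r2:
                raise Ill("pair components consume different resources")
            return With(lt, rt), r1, False
        strict, loose = (r2, r1) if s1 else (r1, r2)       # one side has slack and
        if not strict <= loose:                            # must cover the other's use
            raise Ill("pair components consume different resources")
        return With(lt, rt), strict, False
    if type(M) in (Fst, Snd):                              # lambda_fst / lambda_snd
        ty, rest, slack = infer(sig, gamma, delta, M.arg)
        if type(ty) is not With:
            raise Ill("projection from a non-pair")
        return (ty.left if type(M) is Fst else ty.right), rest, slack
    raise Ill(f"unknown term {M!r}")

def typecheck(sig, gamma, delta, M):
    """Gamma; Delta |-_Sigma M : A.  Returns A or raises Ill; every linear
    resource must be consumed unless a <> can absorb the leftovers."""
    ty, rest, slack = infer(sig, gamma, delta, M)
    if rest and not slack:
        raise Ill(f"unused linear resources: {sorted(rest)}")
    return ty

def well_typed(sig, gamma, delta, M):
    """True iff Gamma; Delta |-_Sigma M : A for some A."""
    try:
        typecheck(sig, gamma, delta, M)
        return True
    except (Ill, KeyError):
        return False
```

With the constructed signature `c : a ⊸ a ⊸ a`, `t1 : a`, the terms $\hat\lambda x{:}a.\,(c\,\hat{}\,x)\,\hat{}\,t_1$ and $\hat\lambda x{:}a.\,(c\,\hat{}\,t_1)\,\hat{}\,x$ check, while $\hat\lambda x{:}a.\,(c\,\hat{}\,t_1)\,\hat{}\,t_1$ fails because $x$ is never consumed and $\hat\lambda x{:}a.\,(c\,\hat{}\,x)\,\hat{}\,x$ fails because the second $x$ finds the resource already gone. The slack flag is what lets $(f\,\hat{}\,\langle\rangle)\,\hat{}\,x$ type-check in $\Delta = x{:}a$ with $f : \top \multimap a \multimap b$: the $\langle\rangle$ does not eagerly swallow $x$, which is consumed later in the spine.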

The reduction semantics of $\lambda^{\to\multimap\&\top}$ is given by the transitive and reflexive closure of the congruence relation built on the following $\beta$-reduction rules:

$$\begin{array}{rclcrcl}
\mathrm{FST}\,\langle M, N\rangle &\longrightarrow& M &\qquad& (\hat\lambda x{:}A.\,M)\,\hat{}\;N &\longrightarrow& [N/x]M\\
\mathrm{SND}\,\langle M, N\rangle &\longrightarrow& N &\qquad& (\lambda x{:}A.\,M)\,N &\longrightarrow& [N/x]M
\end{array}$$


Similarly to $\lambda^{\to}$, $\lambda^{\to\multimap\&\top}$ enjoys a number of highly desirable properties [Cer96]. In particular, since the usual presentation of the elimination rules for the remaining operators (for example for $\oplus$) introduces commutative conversions, it is the largest linear λ-calculus for which strong normalization holds and yields unique normal forms. However, non-standard presentations bypass commutative conversions and therefore extend the class of strongly normalizing languages (for example allowing $\oplus$ as a type constructor), although at the cost of added complexity [Min98]. We will not pursue this thread.

Figure 2: Typing for $\eta$-Long Terms

A term $M$ of type $A$ is in $\eta$-long form if it is structured as a sequence consisting solely of constructors (abstractions, pairing and unit) that matches the structure of the type $A$, applied to atomic terms in those positions where objects of base type are required. An atomic term consists of a sequence of destructors (applications and projections) that ends with a constant, a variable or an $\eta$-long $\beta$-redex, where the argument part of each application is required to be itself an $\eta$-long term. This definition extends the usual notion of $\eta$-long term of $\lambda^{\to}$ to the linear type operators $\multimap$, $\&$ and $\top$ of $\lambda^{\to\multimap\&\top}$. For example, in a context consisting solely of the assumption $x{:}A$, for $A = a \,\&\, (a \multimap a)$,

$$M = \langle \mathrm{FST}\,x,\ \hat\lambda y{:}a.\,(\mathrm{SND}\,x)\,\hat{}\;y\rangle$$

is an $\eta$-long term of type $A$. Indeed $M$ starts with a pairing construct that matches the conjunction in $A$, its left component, which has base type $a$, is atomic, and its right component is itself an $\eta$-long term of type $a \multimap a$. Instead, $x$ by itself is not an $\eta$-long term of type $A$. The unit type $\top$ manifests an interesting behavior since there is a unique $\eta$-long term of that type, namely $\langle\rangle$. As in $\lambda^{\to}$, every well-typed term in our language has a corresponding $\eta$-long form, called its $\eta$-expansion. The $\eta$-long form of $x$ above is the term $M$, while every term of type $\top$ is expanded to $\langle\rangle$.

We write $\mathrm{Can}(M)$ for the canonical form of the term $M$, defined as the $\eta$-expansion of its $\beta$-normal form. Notice that $\mathrm{Can}(x)$ corresponds to the $\eta$-long form of the variable $x$. In the following, we will insist on dealing always with fully $\eta$-expanded terms.

2.2 The Spine Calculus

Unification algorithms base a number of choices on the nature of the heads of the terms to be unified. The head is immediately available in the first-order case, and still discernible in $\lambda^{\to}$ since every $\eta$-long normal term has the form

$$\lambda x_1{:}A_1.\ \ldots\ \lambda x_n{:}A_n.\ h\,M_1\ \ldots\ M_m$$

where the head $h$ is a constant or a variable and $(h\,M_1\ \ldots\ M_m)$ has base type. The usual parenthesis-saving conventions hide the fact that $h$ is indeed deeply buried in the sequence of applications and therefore not immediately accessible. A similar notational trick fails in $\lambda^{\to\multimap\&\top}$ since, on the one hand, a term of compound type can have several heads (e.g. $c_1$ and $c_2$ in $\langle c_1, c_2\rangle$), possibly none (e.g. $\langle\rangle$), and on the other hand destructors can be interleaved arbitrarily in a term of base type (e.g. $\mathrm{FST}\,((\mathrm{SND}\,c)\,\hat{}\;x\ y)$).

The spine calculus $S^{\to\multimap\&\top}$ [CP97] permits recovering both efficient head accesses and notational convenience. Every term $M$ of base type is written in this presentation as a root $H \cdot S$, where $H$ corresponds to the head of $M$ and the spine $S$ collects the sequence of destructors applied to it. For example, $M = (h\,M_1\ \ldots\ M_m)$ is written $U = h \cdot (U_1;\ \ldots\ U_m; \mathrm{NIL})$ in this language, where ";" represents application, $\mathrm{NIL}$ identifies the end of the spine, and $U_i$ is the translation of $M_i$. Application and ";" have opposite associativity, so that $M_1$ is the innermost subterm of $M$ while $U_1$ is outermost in the spine of $U$. This approach was suggested by an empirical study of higher-order logic programs based on $\lambda^{\to}$ terms [MP92] and is reminiscent of the notion of abstract Böhm trees [Her95a, Her95b]; its practical merits in our setting are currently being assessed in an experimental implementation. The following grammar describes the syntax of $S^{\to\multimap\&\top}$: we write constructors as in $\lambda^{\to\multimap\&\top}$ but use new symbols to distinguish a spine operator from the corresponding term destructor.

$$\begin{array}{lll}
\text{Terms:} & U ::= H \cdot S \mid \lambda x{:}A.\,U \mid \hat\lambda x{:}A.\,U \mid \langle U_1, U_2\rangle \mid \langle\rangle\\
\text{Spines:} & S ::= \mathrm{NIL} \mid U ; S \mid U\,\hat{;}\,S \mid \pi_1 S \mid \pi_2 S\\
\text{Heads:} & H ::= c \mid x \mid U
\end{array}$$

We adopt the same syntactic conventions as in $\lambda^{\to\multimap\&\top}$ and often write $V$ for terms in $S^{\to\multimap\&\top}$. Terms are allowed as heads in order to construct $\beta$-redices. Indeed, a normal term has either a constant or a variable as its heads.

The typing judgments for terms and spines are denoted as follows:

$$\begin{array}{ll}
\Gamma;\Delta \vdash_\Sigma U : A & U \text{ is a term of type } A \text{ in } \Gamma;\Delta \text{ and } \Sigma\\
\Gamma;\Delta \vdash_\Sigma S : A > a & S \text{ is a spine from heads of type } A \text{ to terms of type } a \text{ in } \Gamma;\Delta \text{ and } \Sigma
\end{array}$$

The latter expresses the fact that given a head $H$ of type $A$, the root $H \cdot S$ has type $a$. Notice that the target type of a well-typed spine is a base type. This has the desirable effect of permitting only $\eta$-long terms to be derivable in this calculus [CP97]: allowing arbitrary types on the right-hand side of the spine typing judgment corresponds to dropping this property, as we will see in Section 2.5. Abstract Böhm trees [Bar80, Her95a] are obtained in this manner.

The mutual definition of the two typing judgments of $S^{\to\multimap\&\top}$ is given in Figure 2. The opposite associativity that characterizes the spine calculus with respect to the more traditional formulation is reflected in the manner types are managed in the lower part of this figure.

There exists a structural translation of terms in $\lambda^{\to\multimap\&\top}$ to terms in $S^{\to\multimap\&\top}$, and vice versa. This mapping and the proofs of soundness and completeness for the respective typing derivations can be found in [CP97].

In the sequel, we will need the following simple property of typing derivations, which states that the intuitionistic context of any valid derivation can be arbitrarily weakened.

Lemma 2.1 (Intuitionistic weakening)

i. If $\Gamma;\Delta \vdash_\Sigma U : A$, then for any context $\Gamma'$, there is a derivation of $\Gamma, \Gamma';\Delta \vdash_\Sigma U : A$.

ii. If $\Gamma;\Delta \vdash_\Sigma S : A > a$, then for any context $\Gamma'$, there is a derivation of $\Gamma, \Gamma';\Delta \vdash_\Sigma S : A > a$. □

On the basis of this result, it is a simple matter to prove the following lemma, which we will need in the sequel. It states that linear hypotheses can be viewed as intuitionistic assumptions with additional properties. An analogous result is proved in [Cer96]. Clearly, the reverse property does not hold.

Lemma 2.2 (Promotion)

i. If $\Gamma;\Delta, x{:}B \vdash_\Sigma U : A$, then there is a derivation of $\Gamma, x{:}B;\Delta \vdash_\Sigma U : A$.

ii. If $\Gamma;\Delta, x{:}B \vdash_\Sigma S : A > a$, then there is a derivation of $\Gamma, x{:}B;\Delta \vdash_\Sigma S : A > a$. □


The reduction semantics of $S^{\to\multimap\&\top}$ is based on the following $\beta$-reductions, which are obtained from the analogous rules of $\lambda^{\to\multimap\&\top}$ [CP96, CP97] by means of the mentioned translation.

$$\begin{array}{rcl}
\langle U, V\rangle \cdot (\pi_1 S) &\longrightarrow& U \cdot S\\
\langle U, V\rangle \cdot (\pi_2 S) &\longrightarrow& V \cdot S\\
(\hat\lambda x{:}A.\,U) \cdot (V\,\hat{;}\,S) &\longrightarrow& [V/x]U \cdot S\\
(\lambda x{:}A.\,U) \cdot (V ; S) &\longrightarrow& [V/x]U \cdot S
\end{array}$$

The trailing spine in the reductions for $S^{\to\multimap\&\top}$ is a consequence of the fact that this language reverses the nesting order of destructors. The structure of roots in the spine calculus makes one more $\beta$-reduction rule necessary, namely:

$$(H \cdot S) \cdot \mathrm{NIL} \longrightarrow H \cdot S$$
For future reference, we give the complete rule set for reduction in $S^{\to\multimap\&\top}$ in Figure 3. We write $\longrightarrow^*$ for the reflexive and transitive closure of $\longrightarrow$. It is easy to prove that the inference rules obtained by systematically replacing $\longrightarrow$ with $\longrightarrow^*$ in this figure are admissible. In particular, we will make implicit uses of the transitivity rule to build chains of reductions.

In most of this paper, we will insist on terms being in $\eta$-long form. Enforcing this requirement and maintaining it as an invariant of the operations we consider will have the beneficial effect of simplifying the discussion considerably. Indeed, while working around extensionality leads only to minor complications for function and product types, accommodating the unit type ($\top$) requires a large amount of machinery and elaborate techniques. Furthermore, an implementation that works on $\eta$-long terms only can be essentially type-free, while a program that performs $\eta$-expansion at run-time needs typing information pervasively.

As a result of working with $\eta$-long terms only, roots always have base type and so do the target types in the spine typing judgment. The $\beta$-reduction rules above preserve not only well-typedness, but also long forms, so that $\eta$-expansion steps never need to be performed. This property is formalized in the following lemma, whose proof can be found in [CP97].

Lemma 2.3 (Subject reduction)

i. If $\Gamma;\Delta \vdash_\Sigma U : A$ and $U \longrightarrow V$, then $\Gamma;\Delta \vdash_\Sigma V : A$.

ii. If $\Gamma;\Delta \vdash_\Sigma S : A > a$ and $S \longrightarrow S'$, then $\Gamma;\Delta \vdash_\Sigma S' : A > a$. □

The following technical result is proved as in [Cer96].

Lemma 2.4 (Substitution)

i. If $U \longrightarrow^* U'$ and $V \longrightarrow^* V'$, then $[V/x]U \longrightarrow^* [V'/x]U'$.

ii. If $S \longrightarrow^* S'$ and $V \longrightarrow^* V'$, then $[V/x]S \longrightarrow^* [V'/x]S'$. □

Similarly to $\lambda^{\to\multimap\&\top}$, the spine calculus is confluent, i.e. every two sequences of reductions at a term (spine) can be extended to a common reduct. This fact is formalized in the following theorem [CP97].

Theorem 2.5 (Confluence)

i. If $U \longrightarrow^* U_1$ and $U \longrightarrow^* U_2$, then there is a term $U'$ such that $U_1 \longrightarrow^* U'$ and $U_2 \longrightarrow^* U'$.

ii. If $S \longrightarrow^* S_1$ and $S \longrightarrow^* S_2$, then there is a spine $S'$ such that $S_1 \longrightarrow^* S'$ and $S_2 \longrightarrow^* S'$. □

Moreover, every reduction sequence necessarily terminates when starting from a well-typed term or spine. We have indeed the following theorem, proved in [CP97].

Theorem 2.6 (Strong normalization)

i. If $\Gamma;\Delta \vdash_\Sigma U : A$, then $U$ is strongly normalizing.

ii. If $\Gamma;\Delta \vdash_\Sigma S : A > a$, then $S$ is strongly normalizing. □

With these two theorems, we easily prove that every well-typed term in $S^{\to\multimap\&\top}$ has a unique canonical form with respect to the notion of reduction given in Figure 3. We write $\mathrm{Can}(U)$ for the canonical form of the term $U$ with respect to these reductions, and similarly for spines.
2.3 Head-Normal Forms in the Spine Calculus

We call two terms equal if it is possible to rewrite them to a common reduct by means of the rules in Figure 3. Our notion of equality is therefore syntactic equality considered modulo $\beta$-reduction (recall that we assume to start always with terms in $\eta$-long form). The problem of whether two terms are equal is undecidable in the general case, in particular in the presence of ill-typed terms. Indeed, while recognizing two equal terms as such can always be done in a finite number of steps, establishing that they differ can go beyond the power of automation if these terms admit infinite chains of reductions.

This issue does not arise if we limit our attention to well-typed terms (as we do in this paper) since, by the strong normalization Theorem 2.6, every reduction sequence starting at a typable term necessarily ends with a canonical form after finitely many steps. Since canonical forms are unique, a simple way to decide whether two terms $U_1$ and $U_2$ satisfy our notion of equality is to compute their canonical forms and check whether $\mathrm{Can}(U_1)$ and $\mathrm{Can}(U_2)$ are syntactically equal (modulo renaming of bound variables, as always).

If $U_1$ and $U_2$ are indeed equal, then this method is often very efficient. However, it performs poorly on average since it might do large amounts of unnecessary computation when they are not equal. Assume for example that $U_1$ and $U_2$ are the root terms $c_1 \cdot S_1$ and $c_2 \cdot S_2$, respectively, with $c_1$ and $c_2$ different constants and $S_1$ and $S_2$ some (possibly very complex) spines. Then, looking at the heads of $U_1$ and $U_2$ suffices to establish that they cannot be reduced to a common term. Computing their canonical forms requires instead visiting the whole terms and possibly reducing deep redices unnecessarily. Reduction to canonical form performs poorly also when used in unification, as we will see in the next section. Intuitively, a solution is computed in stages and each stage produces a redex that needs to be normalized in order to proceed. Using reduction to canonical form for this purpose is inefficient since it would cause the same term to be traversed over and over.

We overcome these deficiencies by considering head-normal forms. A term is head-normal if it is canonical except for the possible presence of $\beta$-redices within a spine, i.e. in an argument position. Head-normal roots are called weakly head-normal terms and will be our primary focus. A (weakly) head-normal term consists therefore of a superficial layer that is redex-free and a deeper layer that is arbitrary. Canonical terms are simply hereditarily head-normal, and reduction to canonical form can be implemented by iterated reductions to head-normal form, with the advantage that each stage of the process can be interleaved with other operations, such as detecting failure in an equality test, or equation simplification in a unification problem.

In this section, we will study head-normal forms and discuss an algorithm to achieve them. The results below hold in particular in the more specific case of weakly head-normal terms. We will apply the latter notion to improve our naive equality test in Section 2.4. Its applications in the context of unification will appear in Section 3.

The basic reduction relation $\longrightarrow$, given in Figure 3, is built by congruence over the five $\beta$-reduction rules of $S^{\to\multimap\&\top}$ and constitutes the basis of the notion of canonical form. The reduction relation consisting solely of these $\beta$-reduction rules is called weak head-reduction and will be indicated as $\xrightarrow{\mathrm{whr}}$. It is only applicable to terms that are roots, and therefore of base type since we operate on $\eta$-long terms only. We formally define it in the upper part of Figure 4. Its reflexive and transitive closure, denoted $\xrightarrow{\mathrm{whr}}{}^*$, permits forming chains of basic $\beta$-reductions. It can be easily proved that the rules obtained by replacing $\xrightarrow{\mathrm{whr}}$ with $\xrightarrow{\mathrm{whr}}{}^*$ in this figure are admissible.

Head-normal terms draw their origin from the head-reduction relation, which we indicate as $\xrightarrow{\mathrm{hr}}$. It builds on weak head-reduction by congruence over the term constructors of $S^{\to\multimap\&\top}$, and therefore operates on terms that are not necessarily of base type. In particular, root boundaries are never crossed and it is not defined on spines. This relation is formalized in Figure 4. We write $\xrightarrow{\mathrm{hr}}{}^*$ for its reflexive and transitive closure, whose definition is given at the bottom of this figure. As with weak head-reduction, the rules obtained by replacing $\xrightarrow{\mathrm{hr}}$ with $\xrightarrow{\mathrm{hr}}{}^*$ in this figure are admissible.
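The weak head-reduction and head-reduction relations just described are small enough to implement directly. The following Python is an added example, not code from the paper or from its experimental implementation: the spine calculus of Section 2.2 with its five $\beta$-reductions used as weak head-reduction (`whr`), reduction to canonical form obtained by head-normalizing a root and then recursing into the arguments of its spine, and an equality test that compares the outer layers first and fails on a head clash without touching the arguments, as motivated at the start of Section 2.3. The node names, the functions `whr`/`whnf`/`canon`/`equal` and the step counter are ours; bound variables are assumed to have distinct names (terms are identified up to renaming anyway) and binder types are kept as opaque labels.

```python
"""Added example (not from the paper): the spine calculus of Section 2.2 with
its five beta-reductions used as weak head-reduction, canonical forms by
iterated head-reduction (Section 2.3), and an equality test that stops at the
first head clash.  Bound variables are assumed to have distinct names, so
substitution needs no renaming; types on binders are kept as opaque labels."""
from dataclasses import make_dataclass

def node(name, fields=""):
    return make_dataclass(name, fields.split(), frozen=True)   # structural equality

# Terms  U ::= H . S | \x:A.U | \^x:A.U | <U1,U2> | <>        Heads  H ::= c | x | U
Root, Lam, LLam = node("Root", "head spine"), node("Lam", "x ty body"), node("LLam", "x ty body")
Pair, Unit, Const, Var = node("Pair", "left right"), node("Unit"), node("Const", "name"), node("Var", "name")
# Spines S ::= NIL | U;S | U^;S | pi1 S | pi2 S
Nil, App, LApp = node("Nil"), node("App", "arg rest"), node("LApp", "arg rest")
Pi1, Pi2 = node("Pi1", "rest"), node("Pi2", "rest")

def subst(V, x, U):
    """[V/x]U for terms and spines (no capture thanks to distinct bound names)."""
    t = type(U)
    if t is Var:
        return V if U.name == x else U
    if t in (Const, Unit, Nil):
        return U
    if t is Root:
        return Root(subst(V, x, U.head), subst(V, x, U.spine))
    if t in (Lam, LLam):
        return t(U.x, U.ty, subst(V, x, U.body))
    if t is Pair:
        return Pair(subst(V, x, U.left), subst(V, x, U.right))
    if t in (App, LApp):
        return t(subst(V, x, U.arg), subst(V, x, U.rest))
    return t(subst(V, x, U.rest))                          # Pi1 / Pi2

def whr(U):
    """One weak head-reduction step at a root; None if U is already weakly
    head-normal (its head is a constant or a variable)."""
    if type(U) is not Root or type(U.head) in (Const, Var):
        return None
    H, S = U.head, U.spine
    if type(H) is Root and type(S) is Nil:                 # (H'.S') . NIL  -->  H'.S'
        return H
    if type(H) is Pair and type(S) is Pi1:                 # <U,V> . pi1 S  -->  U . S
        return Root(H.left, S.rest)
    if type(H) is Pair and type(S) is Pi2:                 # <U,V> . pi2 S  -->  V . S
        return Root(H.right, S.rest)
    if (type(H), type(S)) in ((LLam, LApp), (Lam, App)):   # (\x.U).(V;S) --> [V/x]U . S
        return Root(subst(S.arg, H.x, H.body), S.rest)
    raise ValueError(f"ill-typed root: {U!r}")

def whnf(U):
    """Weak head-normal form of a root, plus the number of steps it took."""
    steps = 0
    while (V := whr(U)) is not None:
        U, steps = V, steps + 1
    return U, steps

def canon(U):
    """Canonical form: hereditarily head-normal (redices in arguments too)."""
    t = type(U)
    if t is Root:
        U, _ = whnf(U)
        return Root(U.head, canon_spine(U.spine))
    if t in (Lam, LLam):
        return t(U.x, U.ty, canon(U.body))
    if t is Pair:
        return Pair(canon(U.left), canon(U.right))
    return U                                               # <>

def canon_spine(S):
    t = type(S)
    if t in (App, LApp):
        return t(canon(S.arg), canon_spine(S.rest))
    if t in (Pi1, Pi2):
        return t(canon_spine(S.rest))
    return S                                               # NIL

def equal(U1, U2):
    """Definitional equality by layers: head-normalize only the roots being
    compared and stop at the first mismatch.  Returns (verdict, beta steps)."""
    steps = 0
    def eq(U, V):
        nonlocal steps
        if type(U) is not type(V):
            return False
        if type(U) is Root:
            (U, s1), (V, s2) = whnf(U), whnf(V)
            steps += s1 + s2
            return U.head == V.head and eq_spine(U.spine, V.spine)
        if type(U) in (Lam, LLam):                         # alpha-rename V's binder to U's
            return U.ty == V.ty and eq(U.body, subst(Var(U.x), V.x, V.body))
        if type(U) is Pair:
            return eq(U.left, V.left) and eq(U.right, V.right)
        return True                                        # <> = <>
    def eq_spine(S, T):
        if type(S) is not type(T):
            return False
        if type(S) in (App, LApp):
            return eq(S.arg, T.arg) and eq_spine(S.rest, T.rest)
        return type(S) is Nil or eq_spine(S.rest, T.rest)
    return eq(U1, U2), steps
```

Running `whnf` on $(\lambda x{:}a.\,\lambda y{:}a.\, c \cdot (x\cdot\mathrm{NIL};\, y\cdot\mathrm{NIL};\, \mathrm{NIL})) \cdot (d\cdot\mathrm{NIL};\, e\cdot\mathrm{NIL};\, \mathrm{NIL})$ takes three steps, two $\beta$-steps and one application of the $\mathrm{NIL}$ rule, and leaves the substituted arguments as roots $(d\cdot\mathrm{NIL})\cdot\mathrm{NIL}$ that `canon` still has to collapse: this is exactly the "superficial layer redex-free, deeper layer arbitrary" shape of a weakly head-normal term. `equal` on two roots with different constant heads returns False after zero reductions, however large the spines.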

Observe that weak head-reduction coincides with the head-reduction relation for roots. Therefore, by virtue of the subject reduction lemma below, every property of the latter relation holds (sometimes trivially) for its weak counterpart. In the sequel, we will rely exclusively on the weak head-reduction relation, although in this section we will study the more general head-reduction relation.

Figure 4: (Weak) Head-Reduction for $S^{\to\multimap\&\top}$

Notice that, beyond the arrow decoration, the rules for $\xrightarrow{\mathrm{hr}}$ displayed in Figure 4 are a subset of the rules given for $\longrightarrow$ in Figure 3. This implies that (weak) head-reduction is a sub-relation of the general notion of reduction for $S^{\to\multimap\&\top}$. This simple fact is formally expressed in the following lemma.

Lemma  2.7  [Reduction  subsumes  head-reduction) 

If  U  ^  U',  then  U  — )■  U' . 

Proof. 

The  formal  proof  proceeds  by  induction  on  the  structure  of  a  derivation  W  of  U  U' .  ^ 

Head- reduction  and  its  weak  variant  enjoy  many  of  the  properties  that  hold  for  — and  similarly 
for  their  reflexive  and  transitive  closures.  The  above  lemma  permits  significant  simplifications  of  their 
otherwise  rather  involved  proofs.  The  first  of  these  results  is  an  adaptation  of  the  strong  normalization 
theorem.  Notice  that  this  result  is  stated  for  terms  only,  and  not  for  spines. 

Theorem 2.8 (Strong normalization for head-reduction)

If $\Gamma; \Delta \vdash_\Sigma U : A$, then $U$ is strongly normalizing with respect to $\to^{hr}$.

Proof.

Assume we have a (possibly infinite) sequence of terms $U_0, U_1, \ldots$ such that $U = U_0$ and there are
derivations for each of the following reductions:

$\sigma = U_0 \to^{hr} U_1 \to^{hr} U_2 \to^{hr} \cdots$

Since, by Lemma 2.7, every head-reduction derivation corresponds trivially to a valid reduction derivation,
the following sequence of reductions is derivable:

$\sigma' = U_0 \to U_1 \to U_2 \to \cdots$

By the strong normalization property for $\to$, $\sigma'$ must be finite. Therefore, also $\sigma$ must be finite. □

Next, we prove that $\to^{hr}$ is confluent, i.e. that if a head-reduction is applicable in two positions in a
term, then the resulting terms can be reduced to a common reduct by a further application (unless they
are already identical). Here and in the sequel, we abbreviate the phrases "the judgment $J$ has derivation $\mathcal{J}$"
and "there is a derivation $\mathcal{J}$ for the judgment $J$" as $\mathcal{J} :: J$.

Lemma 2.9 (Local confluence for head-reduction)

If $\mathcal{W}' :: U \to^{hr} U'$ and $\mathcal{W}'' :: U \to^{hr} U''$, then either $U' = U''$, or there is a term $V$ such that
$U' \to^{hr} V$ and $U'' \to^{hr} V$.

Proof.

$\mathcal{W}'$ and $\mathcal{W}''$ can differ only if $U$ contains a subterm of the form $\langle U_1, U_2 \rangle$ and the two derivations
proceed by head-reducing different components of this pair. Assume for instance that $U_1$ is reduced to
$U_1'$ in $\mathcal{W}'$, and $U_2$ is reduced to $U_2'$ in $\mathcal{W}''$. Then $U'$ will contain $\langle U_1', U_2 \rangle$ and $U''$ will contain
$\langle U_1, U_2' \rangle$. We now obtain $V$ by reducing both $U'$ and $U''$ to the term $V$ in which this subterm is $\langle U_1', U_2' \rangle$.

Formally, the proof proceeds by simultaneous induction on the structure of $\mathcal{W}'$ and $\mathcal{W}''$. □

When restricting our attention to weak head-reduction in the above lemma, the existence of $\mathcal{W}'$ and $\mathcal{W}''$
implies that $U' = U''$ since every term of base type can start at most one head-reduction sequence.

Well-known results in term-rewriting theory [DJ90] permit lifting this property, in the presence of
termination (Theorem 2.8 here), to the reflexive and transitive closure of the above relation.

Lemma 2.10 (Confluence of head-reduction)

If $\mathcal{W}' :: U \to^{hr*} U'$ and $\mathcal{W}'' :: U \to^{hr*} U''$, then there is a term $V$ such that $U' \to^{hr*} V$ and
$U'' \to^{hr*} V$. □

We are now in a position to prove the uniqueness of head-normal forms: by strong normalization,
every well-typed term admits only finitely many head-reductions; however, the term that is eventually
produced is the same no matter which redex we start with.

Theorem 2.11 (Uniqueness of head-normal forms)

If $\Gamma; \Delta \vdash_\Sigma U : A$, then there is a unique head-normal term $V$ such that $U \to^{hr*} V$.

Proof.

By the strong normalization theorem 2.8, we know that every sequence of reductions starting at $U$
leads to a term in head-normal form. Let us consider two reduction sequences validating $U \to^{hr*} V'$ and
$U \to^{hr*} V''$ for terms $V'$ and $V''$ in head-normal form. By confluence, there is a term $V$ to which both
head-reduce. However, since there is no head-reduction derivation starting at either $V'$ or $V''$, the only
way to close the diamond is to have that $V' = V'' = V$ and use rule hr*_refl. □

This theorem entitles us to speak about the head-normal form of a well-typed term $U$. We will indicate
this object as $\mathrm{HNF}(U)$ for the moment.

We would like now to characterize the structure of the head-normal forms $\mathrm{HNF}(U)$ computable with
the rules in Figure 4. In particular, we want to verify that it corresponds to the informal definition given
at the beginning of this section. Prior to doing so, we need to show that the head-reduction relation
respects typing and extensionality. We have the following subject reduction lemma.

Lemma 2.12 (Subject reduction for head-reduction)

If $\Gamma; \Delta \vdash_\Sigma U : A$ and $U \to^{hr} U'$, then $\Gamma; \Delta \vdash_\Sigma U' : A$.

Proof.

By the subsumption lemma 2.7, there is a derivation of $U \to U'$. Then, by the subject reduction
theorem 2.3, $\Gamma; \Delta \vdash_\Sigma U' : A$. □

This result extends to the reflexive and transitive closure of $\to^{hr}$.

The following lemma entails that, in a head-normal term, redices are confined within spines.
Indeed, the only atomic (weakly) head-normal terms are roots with a constant or a variable as their head:
redices are excluded.

Lemma 2.13 (Characterization of head-normal forms)

If $\Gamma; \Delta \vdash_\Sigma U : A$ and $V = \mathrm{HNF}(U)$, then

• if $A = a$, then either $V = c \cdot S$ or $V = x \cdot S$;

• if $A = \top$, then $V = \langle\rangle$;

• if $A = A_1 \,\&\, A_2$, then $V = \langle V_1, V_2 \rangle$ and $V_1$ and $V_2$ are in head-normal form;

• if $A = A_1 \multimap A_2$, then $V = \hat\lambda x{:}A_1.\, V'$ and $V'$ is in head-normal form;

• if $A = A_1 \to A_2$, then $V = \lambda x{:}A_1.\, V'$ and $V'$ is in head-normal form.

Proof.

By iterated applications of the subject reduction lemma 2.12, we know that there is a derivation $\mathcal{U}$ of
$\Gamma; \Delta \vdash_\Sigma V : A$. We proceed then by inversion on the structure of $\mathcal{U}$. In particular, if $A$ is a base type, it
must be the case that $V = c \cdot S$ or $V = x \cdot S$, otherwise $V$ would not be in head-normal form. □

The above results imply that head-normalization is a total function from typable terms $U$
to objects in head-normal form $\mathrm{HNF}(U)$. We want now to give an explicit functional definition for this
operation. To this end, we propose the function $\overline{(\ldots)}$ defined as follows.

$\overline{\langle\rangle} = \langle\rangle$

$\overline{\langle U, V \rangle} = \langle U, V \rangle$

$\overline{\hat\lambda x{:}A.\, U} = \hat\lambda x{:}A.\, U$

$\overline{\lambda x{:}A.\, U} = \lambda x{:}A.\, U$

$\overline{c \cdot S} = c \cdot S$

$\overline{x \cdot S} = x \cdot S$

$\overline{(H \cdot S) \cdot \mathrm{NIL}} = \overline{H \cdot S}$

$\overline{\langle U, V \rangle \cdot (\pi_1 S)} = \overline{U \cdot S}$

$\overline{\langle U, V \rangle \cdot (\pi_2 S)} = \overline{V \cdot S}$

$\overline{(\hat\lambda x{:}A.\, U) \cdot (V \hat{;} S)} = \overline{[V/x]U \cdot S}$

$\overline{(\lambda x{:}A.\, U) \cdot (V ; S)} = \overline{[V/x]U \cdot S}$
We need to show that $\overline{(\ldots)}$ actually computes the head-normal form of any well-typed term $U$.
We have the following soundness result: if $V = \overline{U}$, then $U$ head-reduces to $V$.

Lemma 2.14 (Soundness of $\overline{(\ldots)}$)

If there is a term $V$ such that $\overline{U} = V$, then $U \to^{hr*} V$.

Proof.

By induction on the computation of $\overline{U}$. □

The completeness property below states that $\overline{(\ldots)}$ computes precisely head-normal forms.

Lemma 2.15 (Completeness of $\overline{(\ldots)}$)

If $U \to^{hr*} V$ and $V$ is in head-normal form, then $\overline{U}$ is defined and $\overline{U} = V$.

Proof.

This proof proceeds in two steps.

1. Every derivation of $U \to^{hr*} V$ can be transformed into a derivation of the same judgment such that:

• Reflexivity (rule hr*_refl) is only applied to terms of the form $\langle\rangle$, $c \cdot S$ or $x \cdot S$;

• Transitivity (rule hr*_trans) is only applied either to terms of base type (roots) or to pairs,
in which case its right premiss ends in rule hr_fst and its left premiss ends in rule hr_snd.

We omit the proof of this simple property.

2. Then, we proceed by induction on the structure of a derivation $\mathcal{W}$ of $U \to^{hr*} V$ with the above
characteristics. □

Notice that neither the soundness nor the completeness lemma above mentions typing information.
Their generality specializes to the well-typed terms we are interested in as a special case. Observe
however that $\overline{(\ldots)}$ can diverge when applied to certain ill-typed terms.

Thanks to the subject reduction lemma 2.12, the above properties imply that, whenever applied to
a (well-typed) term of base type, $\overline{(\ldots)}$ computes its weak head-normal form. Therefore, whenever $U$ is
some term of base type, $\overline{U}$ will denote its weak head-normal form.

We conclude this section by proving a technical lemma that establishes the connection between head-normalization
and canonical forms. A head-normal form can be seen as an intermediate stage towards
reaching a canonical form. By virtue of the strong normalization theorem above, this lemma justifies
iterated head-normalization as a specific reduction strategy to canonical form.

Lemma 2.16 (Connection between head-normal forms and canonical forms)

If $\Gamma; \Delta \vdash_\Sigma U : A$ and $\overline{U} = V$, then $\mathrm{Can}(U) = \mathrm{Can}(V)$.

Proof.

By the soundness of $\overline{(\ldots)}$, since $\overline{U} = V$, we have that $U \to^{hr*} V$ and consequently $U \to^* V$
by subsumption. By subject reduction, we deduce that $\Gamma; \Delta \vdash_\Sigma V : A$ and therefore, by the strong
normalization theorem 2.6, both $\mathrm{Can}(U)$ and $\mathrm{Can}(V)$ exist and $U \to^* \mathrm{Can}(U)$ and $V \to^* \mathrm{Can}(V)$.
Now, since canonical forms are unique, we derive that $\mathrm{Can}(U) = \mathrm{Can}(V)$. □


2.4 Equality in the Spine Calculus

In the previous section, we defined two terms $U_1$ and $U_2$ to be equal if they can be $\beta$-reduced to
a common term $V$. We observed that, by strong normalization and the Church-Rosser theorem [CP97],
it suffices to compute $\mathrm{Can}(U_1)$ and $\mathrm{Can}(U_2)$ and check whether they are syntactically equal (modulo
renaming of bound variables). We noticed however that this method for testing equality involves a
high overhead in case of failure, and that reduction to canonical form is inefficient when dealing with
unification, a problem closely related to equality checking (see Section 3).

In this section, we propose an alternative algorithm for verifying that two $S^{\to\multimap\&\top}$ terms are equal.
This efficient method is based on weak head-normalization and parallels the use of this form of reduction
in the pre-unification algorithm discussed in Section 3. We will prove that it is indeed equivalent to the
naive procedure based on comparing canonical forms.

This test, which we will sometimes identify as staged equality, is based on the following equality judgments
for terms and spines, respectively:

$\Gamma; \Delta \vdash_\Sigma U_1 = U_2 : A$        $U_1$ and $U_2$ are equal terms of type $A$ in $\Gamma; \Delta$ and $\Sigma$

$\Gamma; \Delta \vdash_\Sigma S_1 = S_2 : A > a$    $S_1$ and $S_2$ are equal spines from heads of type $A$ to terms of type $a$ in
$\Gamma; \Delta$ and $\Sigma$

Figure 5: Equality in the spine calculus


The inference rules defining them are given in Figure 5. These rules are type-directed and their correctness
and termination rely heavily on the assumption that the involved terms are $\eta$-long and have a canonical
form. This requirement entails the fact that two terms of compound type cannot be equal unless their
top-level constructors are the same and their subterms are recursively equal; rules Seq_unit to Seq_ilam
in the top part of this figure take advantage of this fact. A similar property applies to spines and is realized
by the rules in the bottom part of Figure 5. This characterization is complete in the case of roots (the
only terms of base type) only if both heads are a constant or a variable. If the head of either root is a
generic term, we first need to reduce the resulting redex. In this situation, we avoid the drawbacks of
reduction to canonical forms by using weak head-normalization in rules Seq_redex_l and Seq_redex_r
(recall that the function $\overline{(\ldots)}$ computes weak head-normal forms when applied to terms of base type).
This will have the effect of exposing a constant or a variable as the head of our terms. We will be able
to compare these heads directly before verifying the equality of the associated spines (rules Seq_con,
Seq_lvar and Seq_ivar). Redices possibly appearing in the latter will be handled similarly. This way of
proceeding corresponds to imposing a reduction strategy guided by weak head-normalization in order to
handle the redices occurring in terms.

The typing information in the equality judgments is convenient when proving properties, especially
those concerning unification in the next section. It is however redundant as long as we assume that the
terms we start with are $\eta$-long and have a canonical form. Therefore, it can safely be omitted altogether
when implementing this procedure.

We call a derivation $\mathcal{E}$ for the equality judgment $\Gamma; \Delta \vdash_\Sigma U_1 = U_2 : A$ well-typed if there exist
typing derivations $\mathcal{U}_1$ and $\mathcal{U}_2$ of $\Gamma; \Delta \vdash_\Sigma U_1 : A$ and $\Gamma; \Delta \vdash_\Sigma U_2 : A$, respectively. Notice that not
every equality derivation is well-typed since the appeals to weak head-normalization in rules Seq_redex_l
and Seq_redex_r might eliminate ill-typed subterms. This property holds however if $U_1$ and $U_2$ are in
canonical form. Similar considerations apply to the spine equality judgment.
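As an added illustration, and not code from the paper, the following Python model implements the function $\overline{(\ldots)}$ defined above as `whnf` and the staged equality test of Figure 5 as `equal`, with the typing information dropped as the text says an implementation may do. Terms and spines are plain tagged tuples. The model assumes, as a simplifying convention of its own, that bound variable names are pairwise distinct and distinct from the free variables, so that substitution needs no renaming; the sample terms at the end are constructed for this example.

```python
# Terms:  ('unit',) | ('pair', U, V) | ('llam', x, A, U) | ('ilam', x, A, U) | ('root', H, S)
#   where a head H is ('con', c), ('var', x), or a term (in which case the root is a redex).
# Spines: ('nil',) | ('fst', S) | ('snd', S) | ('lapp', V, S) | ('iapp', V, S)
# Types are stored in abstractions only as annotations; nothing below consults them.
# Assumption of this model: all bound variable names are distinct from each other and
# from the free variables, so [V/x]U never captures a variable.

NIL = ('nil',)

def root(head, spine=NIL):
    return ('root', head, spine)

def subst(term, x, v):
    """[v/x]term on terms."""
    tag = term[0]
    if tag == 'unit':
        return term
    if tag == 'pair':
        return ('pair', subst(term[1], x, v), subst(term[2], x, v))
    if tag in ('llam', 'ilam'):
        _, y, ty, body = term
        return term if y == x else (tag, y, ty, subst(body, x, v))
    _, head, spine = term
    spine = subst_spine(spine, x, v)
    if head == ('var', x):
        return ('root', v, spine)          # the substituted head turns the root into a redex
    if head[0] in ('con', 'var'):
        return ('root', head, spine)
    return ('root', subst(head, x, v), spine)

def subst_spine(spine, x, v):
    tag = spine[0]
    if tag == 'nil':
        return spine
    if tag in ('fst', 'snd'):
        return (tag, subst_spine(spine[1], x, v))
    return (tag, subst(spine[1], x, v), subst_spine(spine[2], x, v))

def whnf(term):
    """The function (...): weak head-normal form, following its eleven defining equations."""
    if term[0] != 'root':
        return term                                  # <>, pairs, abstractions: already normal
    _, head, spine = term
    if head[0] in ('con', 'var'):
        return term                                  # c.S and x.S
    if head[0] == 'root' and spine == NIL:           # (H.S).NIL  =>  H.S
        return whnf(head)
    if head[0] == 'pair' and spine[0] in ('fst', 'snd'):   # <U,V>.(pi_i S)  =>  U.S / V.S
        return whnf(('root', head[1 if spine[0] == 'fst' else 2], spine[1]))
    if (head[0], spine[0]) in (('llam', 'lapp'), ('ilam', 'iapp')):   # beta: ([V/x]U).S
        _, x, _, body = head
        _, v, rest = spine
        return whnf(('root', subst(body, x, v), rest))
    raise ValueError('stuck redex, the term is ill-typed: %r' % (term,))

def is_redex(term):
    return term[0] == 'root' and term[1][0] not in ('con', 'var')

def equal(u1, u2, env=None):
    """Staged equality of Figure 5 on eta-long terms.
    env maps binders met in u1 to the corresponding binders in u2 (alpha-equivalence)."""
    env = {} if env is None else env
    if is_redex(u1):                                 # Seq_redex_l
        return equal(whnf(u1), u2, env)
    if is_redex(u2):                                 # Seq_redex_r
        return equal(u1, whnf(u2), env)
    if u1[0] != u2[0]:
        return False
    tag = u1[0]
    if tag == 'unit':                                # Seq_unit
        return True
    if tag == 'pair':                                # Seq_pair
        return equal(u1[1], u2[1], env) and equal(u1[2], u2[2], env)
    if tag in ('llam', 'ilam'):                      # Seq_llam / Seq_ilam
        return equal(u1[3], u2[3], dict(env, **{u1[1]: u2[1]}))
    h1, h2 = u1[1], u2[1]                            # Seq_con / Seq_lvar / Seq_ivar
    if h1[0] != h2[0]:
        return False
    same_head = env.get(h1[1], h1[1]) == h2[1] if h1[0] == 'var' else h1[1] == h2[1]
    return same_head and equal_spine(u1[2], u2[2], env)

def equal_spine(s1, s2, env):
    if s1[0] != s2[0]:
        return False
    if s1[0] == 'nil':                               # Seq_nil
        return True
    if s1[0] in ('fst', 'snd'):                      # Seq_fst / Seq_snd
        return equal_spine(s1[1], s2[1], env)
    return equal(s1[1], s2[1], env) and equal_spine(s1[2], s2[2], env)   # Seq_lapp / Seq_iapp

# Constructed sample: with c : a, the redex  <c.NIL, ^\y:a. y.NIL> . (pi_2 (c.NIL ^; NIL))
# weak head-normalizes to c.NIL in three steps (hr_snd, beta, hr_nil).
A = ('base', 'a')
C_ROOT = root(('con', 'c'))
PAIR = ('pair', C_ROOT, ('llam', 'y', A, root(('var', 'y'))))
T1 = root(PAIR, ('snd', ('lapp', C_ROOT, NIL)))

if __name__ == '__main__':
    print(whnf(T1))                       # ('root', ('con', 'c'), ('nil',))
    print(equal(T1, C_ROOT))              # True
```

Note that `whnf` does not descend into the components of a pair or the body of an abstraction, exactly as the defining equations do; redices sitting inside spine arguments are only reached when `equal` compares those arguments, which is the reduction strategy the text describes.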

We will now prove that the deductive system given in Figure 5 does implement an equality test as
defined at the beginning of the previous section. We first prove the soundness of this procedure, i.e. that
every time it claims that two terms are equal, they actually are. The involved terms are not required to
be well-typed.

Theorem 2.17 (Soundness of staged equality)

i. If $\mathcal{E} :: \Gamma; \Delta \vdash_\Sigma U_1 = U_2 : A$, then $\mathrm{Can}(U_1) = \mathrm{Can}(U_2)$;

ii. If $\mathcal{E} :: \Gamma; \Delta \vdash_\Sigma S_1 = S_2 : A > a$, then $\mathrm{Can}(S_1) = \mathrm{Can}(S_2)$.

Proof.

The proof proceeds by induction on the structure of the derivation $\mathcal{E}$. All cases match trivially the
rules in Figure 3, except for derivations that end in Seq_redex_l or Seq_redex_r. In these cases, we
take advantage of the connection lemma 2.16 and of transitivity. □

Next, we need to show that whenever two terms (or spines) are equal according to our definition,
then there is a derivation for the corresponding staged equality judgment. We equip the statement of
this theorem with typing assumptions to ensure the existence of the claimed canonical forms. This also
establishes the origin of the type, contexts and signature appearing in the equality judgments. However,
a more Spartan version of this theorem, devoid of any typing assumption, also holds: only the existence
of a canonical form for the terms involved is required.

Theorem 2.18 (Completeness of staged equality)

i. Let $\mathcal{S}_1 :: \Gamma; \Delta \vdash_\Sigma U_1 : A$ and $\mathcal{S}_2 :: \Gamma; \Delta \vdash_\Sigma U_2 : A$.
If $\mathrm{Can}(U_1) = \mathrm{Can}(U_2)$, then $\Gamma; \Delta \vdash_\Sigma U_1 = U_2 : A$.

ii. Let $\mathcal{S}_1 :: \Gamma; \Delta \vdash_\Sigma S_1 : A > a$ and $\mathcal{S}_2 :: \Gamma; \Delta \vdash_\Sigma S_2 : A > a$.
If $\mathrm{Can}(S_1) = \mathrm{Can}(S_2)$, then $\Gamma; \Delta \vdash_\Sigma S_1 = S_2 : A > a$.

Proof.

The proof proceeds by nested induction over the computation of $\mathrm{Can}(U_1)$ and $\mathrm{Can}(U_2)$, measured as the
sequence of $\beta$-reductions, from $U_1$ and $U_2$ ($S_1$ and $S_2$) to $\mathrm{Can}(U_1)$ and $\mathrm{Can}(U_2)$ respectively ($\mathrm{Can}(S_1)$
and $\mathrm{Can}(S_2)$ respectively), and the structures of $\mathcal{S}_1$ and $\mathcal{S}_2$. We distinguish cases depending on the last
rule applied in $\mathcal{S}_1$ and $\mathcal{S}_2$, or equivalently on the structure of $U_1$ and $U_2$ (or $S_1$ and $S_2$).

Unless either derivation ends in rule lS_redex, the cases are handled trivially since each of these typing
rules corresponds to a uniquely determined equality rule. The induction hypothesis can be applied to the
premisses of these rules since the sequence of reductions does not change, but the involved derivations
are simpler.

We map occurrences of rule lS_redex in $\mathcal{S}_1$ to applications of rule Seq_redex_l, and its occurrences
in $\mathcal{S}_2$ to uses of Seq_redex_r. Rule lS_redex witnesses the presence of an exposed redex in $U_1$ ($U_2$) so
that we can apply weak head-normalization to this term. By the subject reduction lemma 2.12, $\overline{U_1}$ ($\overline{U_2}$)
has a typing derivation $\mathcal{S}_1'$ ($\mathcal{S}_2'$). We can therefore apply the induction hypothesis since the sequence of
reductions is shorter, although the structure of $\mathcal{S}_1'$ ($\mathcal{S}_2'$) might be very different from that of $\mathcal{S}_1$ ($\mathcal{S}_2$). □

We conclude this section with a collection of properties of the equality judgments. More precisely, we
establish that it is a congruence relation relative to the two terms it equates.

Lemma 2.19 (Equality induces a congruence)

• Reflexivity: If $\Gamma; \Delta \vdash_\Sigma U : A$, then $\Gamma; \Delta \vdash_\Sigma U = U : A$. Similarly for spines.

• Symmetry: If $\Gamma; \Delta \vdash_\Sigma U_1 = U_2 : A$, then $\Gamma; \Delta \vdash_\Sigma U_2 = U_1 : A$. Similarly for spines.

• Transitivity: If $\Gamma; \Delta \vdash_\Sigma U_1 = U_2 : A$ and $\Gamma; \Delta \vdash_\Sigma U_2 = U_3 : A$, then $\Gamma; \Delta \vdash_\Sigma U_1 = U_3 : A$.
Similarly for spines.

• Congruence:

  - If $\Gamma; \Delta_1, x{:}A \vdash_\Sigma U : B$ and $\Gamma; \Delta_2 \vdash_\Sigma V_1 = V_2 : A$, then $\Gamma; \Delta_1, \Delta_2 \vdash_\Sigma [V_1/x]U = [V_2/x]U : B$.

  - If $\Gamma, x{:}A; \Delta \vdash_\Sigma U : B$ and $\Gamma; \cdot \vdash_\Sigma V_1 = V_2 : A$, then $\Gamma; \Delta \vdash_\Sigma [V_1/x]U = [V_2/x]U : B$.

  Similarly if the first assumption is a spine typing judgment.

Proof.

Reflexivity is a direct consequence of strong normalization, the uniqueness of canonical forms and the
above completeness theorem.

The remaining properties are proved by means of simple inductive arguments. However, had we
assumed that the terms they mention are well-typed, their validity would be a direct consequence of the
soundness and completeness of staged equality. □

Partial roots

pS_con: from $\Gamma; \Delta \vdash_{\Sigma, c:A} \bar S \uparrow A > B$ conclude $\Gamma; \Delta \vdash_{\Sigma, c:A} c \cdot \bar S \uparrow B$

pS_redex: from $\Gamma; \Delta' \vdash_\Sigma U : A$ and $\Gamma; \Delta'' \vdash_\Sigma \bar S \uparrow A > B$ conclude $\Gamma; \Delta', \Delta'' \vdash_\Sigma U \cdot \bar S \uparrow B$

pS_lvar: from $\Gamma; \Delta \vdash_\Sigma \bar S \uparrow A > B$ conclude $\Gamma; \Delta, x{:}A \vdash_\Sigma x \cdot \bar S \uparrow B$

pS_ivar: from $\Gamma, x{:}A; \Delta \vdash_\Sigma \bar S \uparrow A > B$ conclude $\Gamma, x{:}A; \Delta \vdash_\Sigma x \cdot \bar S \uparrow B$

Partial spines

pS_nil: $\Gamma; \cdot \vdash_\Sigma \mathrm{NIL} \uparrow A > A$ (no premiss)

(No pseudo-spine rule for $\top$)

pS_fst: from $\Gamma; \Delta \vdash_\Sigma \bar S \uparrow A_1 > B$ conclude $\Gamma; \Delta \vdash_\Sigma \pi_1 \bar S \uparrow A_1 \,\&\, A_2 > B$

pS_snd: from $\Gamma; \Delta \vdash_\Sigma \bar S \uparrow A_2 > B$ conclude $\Gamma; \Delta \vdash_\Sigma \pi_2 \bar S \uparrow A_1 \,\&\, A_2 > B$

pS_lapp: from $\Gamma; \Delta' \vdash_\Sigma U : A_1$ and $\Gamma; \Delta'' \vdash_\Sigma \bar S \uparrow A_2 > B$ conclude $\Gamma; \Delta', \Delta'' \vdash_\Sigma U \hat{;} \bar S \uparrow A_1 \multimap A_2 > B$

pS_iapp: from $\Gamma; \cdot \vdash_\Sigma U : A_1$ and $\Gamma; \Delta \vdash_\Sigma \bar S \uparrow A_2 > B$ conclude $\Gamma; \Delta \vdash_\Sigma U ; \bar S \uparrow A_1 \to A_2 > B$

Figure 6: Typing for Pseudo-Spines and Pseudo-Roots

In  the  remainder  of  this  paper,  we  will  always  assume  that  our  equality  derivations  are  well-typed 
and  therefore  omit  explicit  typing  judgments  for  their  sides. 

2.5 Eta-Expansion in the Spine Calculus

In Section 2.1, we observed that, given a declaration $x : A$, the $\eta$-long form of a variable $x$ corresponds
to $\mathrm{Can}(x)$ in the linear $\lambda$-calculus. A similar notational trick is not viable in the spine calculus since a variable is a
head while the reduction semantics of the spine calculus is defined only for terms and spines. In this section, we
will present a method for computing the $\eta$-long form of a variable at a given type, and prove typing and
reduction properties about these objects. This method can easily be generalized to generate the $\eta$-long
form of arbitrary terms.

The procedure we will develop relies on the notion of partial spine, a technical device required to
cope with the fact that, during $\eta$-expansion, spines are built from the outside in. Partial spines are
syntactically indistinguishable from spines (see the definition in Section 2.2), but they obey a different
typing semantics: they lift the requirement that the target type of a well-typed spine be a base
type. We rely on the symbol $\bar S$, possibly subscripted, as a syntactic variable for partial spines.

We will also make use of objects that differ from roots for the fact that they pair up a head
$H$, as defined in Section 2.2, and a partial spine $\bar S$. Such entities, called partial roots, are denoted $H \cdot \bar S$.

The distinguishing characteristic of the typing policy of the entities we just introduced with respect
to the related concepts is that partial roots are not required to be of base type. Consequently,
we relax the constraints on the target type of a partial spine by admitting compound types in addition
to base types. The typing semantics of partial spines and partial roots is formalized by means of the
judgments

$\Gamma; \Delta \vdash_\Sigma \bar S \uparrow B > A$   and   $\Gamma; \Delta \vdash_\Sigma H \cdot \bar S \uparrow A$

respectively. Notice again that the type $A$ is arbitrary while it is bound to be a base type in the
corresponding relations for spines and roots. The definition of these judgments is displayed in Figure 6. It parallels
the rules for spines and roots given in Figure 2. The base case in rule pS_nil handles the end of spine
marker. It differs from the treatment of NIL in rule lS_nil by lifting the commitment to base types.

Observe that the definition of typing for partial spines and partial roots accesses the term typing
judgment of the spine calculus in rules pS_redex, pS_lapp and pS_iapp. This means in particular that roots
possibly occurring in the arguments of a partial root or spine must have base type. Therefore, the
deviation from the typing policy of the spine calculus permitted by partiality is confined to the most shallow layer
of terms.

We rely on partial spines and derived notions as a means to denote and manipulate terms
that are not in $\eta$-long form. Notice indeed that there is a derivation of the judgment

$x{:}a \,\&\, (a \multimap a); \cdot \vdash_\Sigma x \cdot \mathrm{NIL} \uparrow a \,\&\, (a \multimap a)$

since NIL is a valid partial spine of type $a \,\&\, (a \multimap a)$. Instead, the corresponding spine-calculus judgment is not
derivable because $x \cdot \mathrm{NIL}$ is not in $\eta$-long form (i.e. it is not of base type). Instead, replacing this term
with its $\eta$-expansion, $\langle x \cdot \pi_1 \mathrm{NIL},\ \hat\lambda y{:}a.\, x \cdot \pi_2 ((y \cdot \mathrm{NIL}) \hat{;} \mathrm{NIL}) \rangle$ (written $\langle \mathrm{FST}\, x,\ \hat\lambda y{:}a.\, (\mathrm{SND}\, x) \hat{\ } y \rangle$ in
the linear $\lambda$-calculus), yields a derivable judgment. Not every typable term that fails to be $\eta$-long is expressible in
our extended language, but sufficiently many are in order to achieve the $\eta$-expansion of variables (in
particular, our definition requires partial spine arguments to be $\eta$-long).

Partial root and spine typing is a conservative extension of the typing semantics of roots
and spines. Indeed, any well-typed root (spine) in the spine calculus admits an isomorphic derivation according to
the rules in Figure 6, and conversely every partial root of base type (partial spine of base target type) is
typable according to the typing semantics presented in Section 2.2. This intuition is formally captured
by the following lemma.

Lemma 2.20 (Partial typing conservatively extends typing)

i. $\Gamma; \Delta \vdash_\Sigma H \cdot S \uparrow a$ if and only if $\Gamma; \Delta \vdash_\Sigma H \cdot S : a$;

ii. $\Gamma; \Delta \vdash_\Sigma S \uparrow B > a$ if and only if $\Gamma; \Delta \vdash_\Sigma S : B > a$.

Proof.

Each direction of the proof proceeds by mutual induction on the given derivations. □

This lemma implies that roots and spines are semantically (and of course syntactically) special
cases of the partial roots and spines we just defined. Therefore, in most results below, a spine (root) can
be supplied whenever a partial spine (root) is expected. We will take advantage of this possibility in the
sequel.


Given a partial spine $\bar S$, the concatenation of $\bar S$ with another partial spine $\bar S'$ constructs
the partial spine $\bar S''$ obtained by replacing the trailing NIL of $\bar S$ with $\bar S'$. A formal definition is
given as follows.

$\mathrm{NIL} @ \bar S' = \bar S'$

$(\pi_1 \bar S) @ \bar S' = \pi_1 (\bar S @ \bar S')$

$(\pi_2 \bar S) @ \bar S' = \pi_2 (\bar S @ \bar S')$

$(V \hat{;} \bar S) @ \bar S' = V \hat{;} (\bar S @ \bar S')$

$(V ; \bar S) @ \bar S' = V ; (\bar S @ \bar S')$

It is easy to ascertain that $@$ is a total function of its two arguments. Concatenation is associative, as
expressed in the following lemma.

Lemma 2.21 (Associativity of partial spine concatenation)

$(\bar S @ \bar S') @ \bar S'' = \bar S @ (\bar S' @ \bar S'')$.

Proof.

This statement is proved by induction on the structure of the partial spine $\bar S$. □


Many properties of the typing judgments of the spine calculus extend to the current setting. In particular,
weakening and promotion apply to partial spines and partial roots. We do not show their updated
statement for the sake of economy, but we will rely on them in the sequel. In addition to these properties,
the following lemma gives the typing properties of the concatenation operation. It will play a key role in
the proofs below.


Lemma 2.22 (Transitivity of partial spine typing)

If $\mathcal{S} :: \Gamma; \Delta \vdash_\Sigma \bar S \uparrow A > B$ and $\Gamma; \Delta' \vdash_\Sigma \bar S' \uparrow B > C$, then $\Gamma; \Delta, \Delta' \vdash_\Sigma \bar S @ \bar S' \uparrow A > C$.

Proof.

This proof proceeds by a simple induction on the structure of $\mathcal{S}$. □


By inspection of the typing rules of the spine calculus, it is easy to observe that no valid spine can have a
source type of the form $\top$, or $a \multimap \top$, or more in general any type whose result type is $\top$ (i.e. $\top$ or a
type containing a positive occurrence of $\top$ as the right-hand side of a linear or intuitionistic implication).
No such restriction applies to partial spines because of the generality of rule pS_nil; for example, this
rule alone constitutes a derivation of the judgment $\Gamma; \cdot \vdash_\Sigma \mathrm{NIL} \uparrow \top > \top$. This indicates that partial
spines are a more general approximation of the notion of spines than we actually need. However, their
application in $\eta$-expansion does not make use of their full generality when dealing with types having $\top$
as their result type.

The reduction semantics of $S^{\to\multimap\&\top}$ extends without changes to partial roots and partial spines. In
particular, we will make heavy use of weak head-reduction on partial roots. We adopt the notation already
defined for $S^{\to\multimap\&\top}$. Many reduction properties of $S^{\to\multimap\&\top}$ apply naturally to our extended setting. The
most important for our purposes are subject reduction and the substitution lemma. We will also take
repeated advantage of the statement below, which describes the interaction between concatenation and the
reduction of partial roots.

Lemma 2.23 (Concatenation)

Let $\mathcal{R}$ be a derivation of $H_1 \cdot \bar S_1 \to H_2 \cdot \bar S_2$. Then, $H_1 \cdot (\bar S_1 @ \bar S) \to H_2 \cdot (\bar S_2 @ \bar S)$ is derivable.

Proof.

By induction on the structure of $\mathcal{R}$. □


Our $\eta$-expansion procedure is formalized by means of the judgment

$x \uparrow^A \bar S \,\triangleright\, U$

which is defined in Figure 7 by induction on the type $A$. In this judgment, $x$ is the variable to be
$\eta$-expanded, $A$ is initially set to its type and then to subexpressions of this type, and the partial spine
$\bar S$ serves as an accumulator for the spine $S$ to which $x$ should be applied. The term $U$ corresponds to
intermediate stages of the construction of the $\eta$-expansion of $x$. We will see that, given a variable $x$ and
a type $A$, there is always a term $U$ such that the judgment

$x \uparrow^A \mathrm{NIL} \,\triangleright\, U$

is derivable, and this term is precisely the $\eta$-expansion of $x$ at type $A$.

We start by proving that the judgment $x \uparrow^A \bar S \,\triangleright\, U$ as defined in Figure 7 is a total function of the
variable $x$, the type $A$ and the partial spine $\bar S$.

Lemma 2.24 (Functionality of $\eta$-expansion)

For every variable $x$, type $A$ and partial spine $\bar S$, there is a unique term $U$ such that the judgment

$x \uparrow^A \bar S \,\triangleright\, U$

is derivable.

Proof.

The proof proceeds by an easy induction on the structure of $A$. □

We would like now to show that what this procedure computes, when given a variable $x$, a type $A$
and the end of spine NIL, is the $\eta$-expansion of $x$ at type $A$. For our purposes, it will be sufficient to
show that the object $U$ it outputs has type $A$ in a context consisting solely of $x : A$. In order to prove
this property, we need to generalize it to consider intermediate stages of the construction of $U$. We have
the following lemma.

Lemma 2.25 (Well-typedness of $\eta$-expansion)

Assume that there is a derivation $\mathcal{H}$ of the judgment $x \uparrow^A \bar S \,\triangleright\, U$. Then for all contexts $\Gamma$ and
$\Delta$ and type $B$ such that the judgment $\Gamma; \Delta \vdash_\Sigma \bar S \uparrow B > A$ is derivable, there is a derivation of
$\Gamma; \Delta, x{:}B \vdash_\Sigma U : A$.

Proof.

This proof proceeds by induction on the structure of $\mathcal{H}$ or equivalently on the type $A$. We give the
details of the most significant cases.

$A = a$: Then $\mathcal{H}$ consists of the axiom Sexp_root alone, with conclusion

$x \uparrow^a \bar S \,\triangleright\, x \cdot (\bar S @ \mathrm{NIL})$

with $U = x \cdot (\bar S @ \mathrm{NIL})$.

Assume there is a derivation of $\Gamma; \Delta \vdash_\Sigma \bar S \uparrow B > a$. By rule lS_nil, the judgment $\Gamma; \cdot \vdash_\Sigma \mathrm{NIL} : a > a$
is derivable. Therefore, by the transitivity lemma 2.22 there exists a derivation of

$\Gamma; \Delta \vdash_\Sigma \bar S @ \mathrm{NIL} \uparrow B > a$.

Then, it suffices to apply rule lS_lvar to obtain the desired derivation of

$\Gamma; \Delta, x{:}B \vdash_\Sigma x \cdot (\bar S @ \mathrm{NIL}) : a$.

$A = \top$: Then $\mathcal{H}$ consists of the axiom Sexp_unit alone, with conclusion

$x \uparrow^\top \bar S \,\triangleright\, \langle\rangle$

with $U = \langle\rangle$.

Rule lS_unit constitutes a derivation of $\Gamma; \Delta \vdash_\Sigma \langle\rangle : \top$ for any contexts $\Gamma$ and $\Delta$. In particular,
this result holds for contexts $\Gamma$ and $\Delta = \Delta', x{:}B$ such that $\Gamma; \Delta' \vdash_\Sigma \bar S \uparrow B > \top$.

$A = A_1 \,\&\, A_2$: Then $\mathcal{H}$ ends in rule Sexp_pair, with premisses

$\mathcal{H}_1 :: x \uparrow^{A_1} \bar S @ (\pi_1 \mathrm{NIL}) \,\triangleright\, U_1$   and   $\mathcal{H}_2 :: x \uparrow^{A_2} \bar S @ (\pi_2 \mathrm{NIL}) \,\triangleright\, U_2$

and conclusion $x \uparrow^{A_1 \,\&\, A_2} \bar S \,\triangleright\, \langle U_1, U_2 \rangle$, with $U = \langle U_1, U_2 \rangle$.

Assume that $\mathcal{S} :: \Gamma; \Delta \vdash_\Sigma \bar S \uparrow B > A_1 \,\&\, A_2$. By chaining rule pS_nil with pS_fst and pS_snd, we
can achieve derivations $\mathcal{S}_i$ of $\Gamma; \cdot \vdash_\Sigma \pi_i \mathrm{NIL} \uparrow A_1 \,\&\, A_2 > A_i$, for $i = 1, 2$. By the transitivity lemma
on $\mathcal{S}$ and $\mathcal{S}_i$ we obtain derivations $\mathcal{S}_i'$ of

$\Gamma; \Delta \vdash_\Sigma \bar S @ (\pi_i \mathrm{NIL}) \uparrow B > A_i$.

By two applications of the induction hypothesis to $\mathcal{H}_i$ and $\mathcal{S}_i'$, there are derivations of
$\Gamma; \Delta, x{:}B \vdash_\Sigma U_i : A_i$. Using rule lS_pair yields the desired derivation of

$\Gamma; \Delta, x{:}B \vdash_\Sigma \langle U_1, U_2 \rangle : A_1 \,\&\, A_2$.

$A = A_1 \multimap A_2$: Then $\mathcal{H}$ ends in rule Sexp_llam, with premisses

$\mathcal{H}_1 :: y \uparrow^{A_1} \mathrm{NIL} \,\triangleright\, U'$   and   $\mathcal{H}_2 :: x \uparrow^{A_2} \bar S @ (U' \hat{;} \mathrm{NIL}) \,\triangleright\, U''$

and conclusion $x \uparrow^{A_1 \multimap A_2} \bar S \,\triangleright\, \hat\lambda y{:}A_1.\, U''$, with $U = \hat\lambda y{:}A_1.\, U''$.

By induction hypothesis on $\mathcal{H}_1$, for every $\Gamma$, $\Delta$ and $B$ such that $\mathcal{S}_{\mathrm{NIL}} :: \Gamma; \Delta \vdash_\Sigma \mathrm{NIL} \uparrow B > A_1$,
there is a derivation of $\Gamma; \Delta, y{:}B \vdash_\Sigma U' : A_1$. Notice however that $\mathcal{S}_{\mathrm{NIL}}$ can only result from the
application of rule pS_nil, forcing $\Delta = \cdot$ and $B = A_1$. Therefore, we have that for every context $\Gamma$,
there is a derivation $\mathcal{U}_y$ of $\Gamma; y{:}A_1 \vdash_\Sigma U' : A_1$.

By concatenating rules pS_nil and pS_lapp relative to $\mathcal{U}_y$, we produce a derivation of the judgment
$\Gamma; y{:}A_1 \vdash_\Sigma U' \hat{;} \mathrm{NIL} \uparrow A_1 \multimap A_2 > A_2$. Assume we are given a derivation of $\Gamma; \Delta \vdash_\Sigma \bar S \uparrow B > A_1 \multimap A_2$.
Then, an application of the transitivity lemma yields a derivation $\mathcal{S}'$ of

$\Gamma; \Delta, y{:}A_1 \vdash_\Sigma \bar S @ (U' \hat{;} \mathrm{NIL}) \uparrow B > A_2$.

Therefore, by induction hypothesis on $\mathcal{H}_2$ and $\mathcal{S}'$, the judgment

$\Gamma; \Delta, y{:}A_1, x{:}B \vdash_\Sigma U'' : A_2$

is derivable. Application of rule lS_llam yields the desired derivation of

$\Gamma; \Delta, x{:}B \vdash_\Sigma \hat\lambda y{:}A_1.\, U'' : A_1 \multimap A_2$.

$A = A_1 \to A_2$: The proof proceeds similarly to the previous case, except for the need to use the
promotion lemma 2.2. □
A stronger version of this property holds when the result type of $A$ is $\top$, as can be observed from
the way we handled the case where $A = \top$. Indeed, given an $\eta$-expansion derivation $\mathcal{H} :: x \uparrow^A \bar S \,\triangleright\, U$,
it is easy to show that, in this specific situation, for every contexts $\Gamma$ and $\Delta$, there is a derivation of
$\Gamma; \Delta \vdash_\Sigma U : A$ (the assumption $x : B$ is not needed). We will not need to take advantage of this
specialized property.

The  above  lemma  specializes  to  the  following  corollary  when  we  are  in  the  initial  configuration. 

Corollary 2.26 (Well-typedness of $\eta$-expansion)

If $\mathcal{H} :: x \uparrow^A \mathrm{NIL} \triangleright U$, then $\cdot; x{:}A \vdash_\Sigma U : A$ and $x{:}A; \cdot \vdash_\Sigma U : A$.

Proof.

By the above lemma, for all $\Gamma$, $\Delta$ and $B$ such that $\mathcal{S} :: \Gamma;\Delta \vdash_\Sigma \mathrm{NIL} \uparrow B > A$ there is a derivation of $\Gamma;\Delta,x{:}B \vdash_\Sigma U : A$. Notice however that $\mathcal{S}$ can only result from the application of rule pS_nil, forcing $\Delta = \cdot$ and $B = A$. By further choosing $\Gamma = \cdot$, we obtain the desired derivation of $\cdot; x{:}A \vdash_\Sigma U : A$.

A derivation of $x{:}A; \cdot \vdash_\Sigma U : A$ is then obtained by appealing to the promotion lemma 2.2. □

We will call the unique object $U$ such that $x \uparrow^A \mathrm{NIL} \triangleright U$ is derivable the $\eta$-expansion of variable $x$ at type $A$ and denote it as $x^A$.

We conclude this section with a technical property concerning the reduction of $\eta$-expanded variables. As for the previous results, we will need only a very specific instance of a more general lemma. However, we shall state it in its full generality in order to be able to prove it. In this statement, we make use of our extension of the notion of reduction to partial roots.

Lemma 2.27 (Reduction of $\eta$-expanded variables)

i. If $\mathcal{H} :: x \uparrow^A \bar S \triangleright U$ and $\mathcal{S} :: \Gamma;\Delta \vdash_\Sigma S : A > a$, then $U \cdot S \longrightarrow^* x \cdot (\bar S @ S)$.

ii. If $\mathcal{H} :: x \uparrow^A \bar S \triangleright U$, $\mathcal{S} :: \Gamma;\Delta \vdash_\Sigma \bar S \uparrow B > A$, $x$ does not occur free in $\bar S$, $\mathcal{V} :: \Gamma;\Delta' \vdash_\Sigma V : B$ and $V \cdot \bar S \longrightarrow^* U^* \cdot \mathrm{NIL}$, then $[V/x]U \longrightarrow^* U^*$.

iii. If $\mathcal{U} :: \Gamma,z{:}B;\Delta \vdash_\Sigma U : A$, then $[x^B/z]U \longrightarrow^* [x/z]U$.

iv. If $\mathcal{S} :: \Gamma,z{:}B;\Delta \vdash_\Sigma S : A > a$, then $[x^B/z]S \longrightarrow^* [x/z]S$.

Proof. 

This rather involved proof proceeds by simultaneous induction over the structure of $\mathcal{S}$ in (i), of $U^*$ in (ii), of $U$ in (iii), and of $S$ in (iv). More precisely, we admit appealing to the induction hypothesis in the following circumstances:

• Given a spine $S$ in (i), we will induct on (i) for spines $S'$ smaller than $S$, and on (ii) for terms $U^*$ contained in $S$.

• Given a term $U^*$ in (ii), we will apply the induction hypothesis (ii) to terms $U^{**}$ that differ from a subterm $U''$ of $U^*$ only by the renaming of a free variable ($U^{**} = [x/z]U''$ for example). We will also appeal to (iii) on terms $U$ smaller than $U^*$.

• Given a term $U$ in (iii), we will induct on (iii) for subterms of $U$, and on (i) and (iv) for spines $S$ embedded in $U$.

• Finally, given a spine $S$ in (iv), we will access either (iv) on spines $S'$ smaller than $S$, or (iii) on subterms $U$ of $S$.

We will now outline the development of a number of significant cases. We distinguish cases on the basis of the type $A$ appearing in the various parts of this lemma.
(i) $A = a$: By inversion on $\mathcal{S}$ and $\mathcal{H}$, it must be the case that $S = \mathrm{NIL}$ and $U = x \cdot (\bar S @ \mathrm{NIL})$. Then, by rule Sr_nil,

$$U \cdot S = (x \cdot (\bar S @ \mathrm{NIL})) \cdot \mathrm{NIL} \longrightarrow x \cdot (\bar S @ \mathrm{NIL}) = x \cdot (\bar S @ S).$$

(i) $A = \top$: By inversion on $\mathcal{S}$, this case cannot arise.

(i) $A = A_1 \& A_2$: By inversion on $\mathcal{H}$ we deduce that $U = \langle U_1,U_2\rangle$ and that there are derivations of $x \uparrow^{A_i} \bar S @ (\pi_i\,\mathrm{NIL}) \triangleright U_i$ for $i = 1,2$. Furthermore, inversion on $\mathcal{S}$ opens two alternative courses:

• $S = \pi_1\,S_1$ and $\mathcal{S}_1 :: \Gamma;\Delta \vdash_\Sigma S_1 : A_1 > a$. By induction hypothesis, the associativity of concatenation and the definition of this operation,

$$U_1 \cdot S_1 \longrightarrow^* x \cdot ((\bar S @ \pi_1\,\mathrm{NIL}) @ S_1) = x \cdot (\bar S @ (\pi_1\,\mathrm{NIL} @ S_1)) = x \cdot (\bar S @ \pi_1\,S_1).$$

Now, by rule Sr_beta_fst,

$$\langle U_1,U_2\rangle \cdot \pi_1\,S_1 \longrightarrow U_1 \cdot S_1 \longrightarrow^* x \cdot (\bar S @ \pi_1\,S_1).$$

• $S = \pi_2\,S_2$ and $\mathcal{S}_2 :: \Gamma;\Delta \vdash_\Sigma S_2 : A_2 > a$. We proceed symmetrically to the previous subcase.
(i) $A = A_1 \multimap A_2$: By inversion, $U = \hat\lambda y{:}A_1.\,U'$ and there are derivations of

$$y \uparrow^{A_1} \mathrm{NIL} \triangleright y^{A_1} \qquad \text{and} \qquad x \uparrow^{A_2} \bar S @ (y^{A_1}\,\hat{;}\,\mathrm{NIL}) \triangleright U'.$$

Since $y$ is bound in $U$, we can assume it occurs neither in $\bar S$ nor in $S$. By further inversion on $\mathcal{S}$, we obtain that $S = V\,\hat{;}\,S'$, $\Delta = \Delta',\Delta''$ and there exist derivations of

$$\Gamma;\Delta'' \vdash_\Sigma V : A_1 \qquad \text{and} \qquad \Gamma;\Delta' \vdash_\Sigma S' : A_2 > a.$$

The induction hypothesis and the associativity of $@$ permit concluding

$$U' \cdot S' \longrightarrow^* x \cdot ((\bar S @ y^{A_1}\,\hat{;}\,\mathrm{NIL}) @ S') = x \cdot (\bar S @ y^{A_1}\,\hat{;}\,S').$$

We then conclude this case of the proof as follows:

$$\begin{array}{lll}
(\hat\lambda y{:}A_1.\,U') \cdot (V\,\hat{;}\,S') & \longrightarrow & [V/y]U' \cdot S' \qquad \text{by rule Sr\_beta\_lin,}\\
& = & [V/y](U' \cdot S') \qquad \text{since } y \text{ does not occur free in } S',\\
& \longrightarrow^* & [V/y](x \cdot (\bar S @ y^{A_1}\,\hat{;}\,S')) \qquad \text{by the substitution lemma 2.4 and the above induction hypothesis,}\\
& = & x \cdot (\bar S @ ([V/y]y^{A_1})\,\hat{;}\,S') \qquad \text{since } y \text{ is not free in } x, \bar S \text{ and } S',\\
& = & [[V/y]y^{A_1}/z](x \cdot (\bar S @ z\,\hat{;}\,S')) \qquad \text{for some new variable } z,\\
& \longrightarrow^* & [V/z](x \cdot (\bar S @ z\,\hat{;}\,S')) \qquad \text{by induction hypothesis (ii) and the substitution lemma,}\\
& = & x \cdot (\bar S @ V\,\hat{;}\,S') \qquad \text{by definition of substitution.}
\end{array}$$

(i) $A = A_1 \to A_2$: We proceed similarly.

(ii) $A = a$: By inversion on $\mathcal{H}$, we have that $U = x \cdot (\bar S @ \mathrm{NIL})$. By applying the transitivity lemma on rule lS_nil and $\mathcal{S}$, we obtain a derivation $\mathcal{S}'$ of $\Gamma;\Delta \vdash_\Sigma \bar S @ \mathrm{NIL} : B > a$. Since $V \cdot \bar S \longrightarrow^* U^* \cdot \mathrm{NIL}$ holds by assumption, the concatenation lemma allows us to conclude that

$$V \cdot (\bar S @ \mathrm{NIL}) \longrightarrow^* U^* \cdot (\mathrm{NIL} @ \mathrm{NIL}) = U^* \cdot \mathrm{NIL}.$$

Thus, since $x$ does not occur free in $\bar S$, we have that

$$[V/x](x \cdot (\bar S @ \mathrm{NIL})) = V \cdot (\bar S @ \mathrm{NIL}) \longrightarrow^* U^* \cdot \mathrm{NIL}.$$

Finally, by rule lS_redex on $\mathcal{V}$ and $\mathcal{S}'$, there is a derivation of $\Gamma;\Delta,\Delta' \vdash_\Sigma V \cdot (\bar S @ \mathrm{NIL}) : a$, so that, by subject reduction, also $\Gamma;\Delta,\Delta' \vdash_\Sigma U^* \cdot \mathrm{NIL} : a$ is derivable, and therefore by inversion on rule lS_redex, there is a derivation of $\Gamma;\Delta,\Delta' \vdash_\Sigma U^* : a$ as well. Again by inversion, $U^*$ must be a root. Therefore we can apply rule Sr_nil, obtaining that $U^* \cdot \mathrm{NIL} \longrightarrow U^*$. By chaining this reduction with the previous ones, we get the requested derivation of the judgment

$$[V/x](x \cdot (\bar S @ \mathrm{NIL})) \longrightarrow^* U^*.$$


(ii) $A = \top$: By inversion on $\mathcal{H}$, we deduce that $U = \langle\rangle$. By rule pS_redex, $\Gamma;\Delta,\Delta' \vdash_\Sigma V \cdot \bar S : \top$ is derivable and therefore, by subject reduction, there is a derivation of $\Gamma;\Delta,\Delta' \vdash_\Sigma U^* \cdot \mathrm{NIL} : \top$, from which we deduce, by inversion, that $\Gamma;\Delta,\Delta' \vdash_\Sigma U^* : \top$, and therefore, again by inversion, that $U^* = \langle\rangle$. Then, trivially $[V/x]\langle\rangle = \langle\rangle$.

Observe that the treatment of this case relies on the existence of a derivation for $\Gamma;\cdot \vdash_\Sigma \mathrm{NIL} \uparrow \top > \top$, that is readily produced by means of rule pS_nil. As we said, concatenating $\mathrm{NIL}$ with no object can yield a well-typed spine.

(ii) $A = A_1 \& A_2$: By inversion on $\mathcal{H}$, we have that $U = \langle U_1,U_2\rangle$ and that there are derivations of $x \uparrow^{A_i} \bar S @ (\pi_i\,\mathrm{NIL}) \triangleright U_i$ for $i = 1,2$. By rules pS_fst and pS_snd and the transitivity lemma on $\mathcal{S}$, we can produce derivations of

$$\Gamma;\Delta \vdash_\Sigma \bar S @ (\pi_i\,\mathrm{NIL}) \uparrow B > A_i.$$

By knowing that $V \cdot \bar S \longrightarrow^* U^* \cdot \mathrm{NIL}$, we deduce by the concatenation lemma that

$$V \cdot (\bar S @ \pi_i\,\mathrm{NIL}) \longrightarrow^* U^* \cdot \pi_i\,\mathrm{NIL}.$$

Similarly to the previous case, appeals to rule pS_redex, to the transitivity lemma 2.22 and to inversion permit us to deduce that there is a derivation of $\Gamma;\Delta,\Delta' \vdash_\Sigma U^* : A_1 \& A_2$ and thus that $U^* = \langle U_1^*,U_2^*\rangle$ and, once more by inversion, that $\Gamma;\Delta,\Delta' \vdash_\Sigma U_i^* : A_i$. By chaining rules Sr_beta_fst and Sr_beta_snd to the reduction sequence above, we obtain that, for $i = 1,2$,

$$V \cdot (\bar S @ \pi_i\,\mathrm{NIL}) \longrightarrow^* U_i^* \cdot \mathrm{NIL}.$$

We are now in a position of appealing to the induction hypothesis, obtaining derivations for the reduction judgments $[V/x]U_i \longrightarrow^* U_i^*$, from which we easily achieve the desired derivation of

$$[V/x]\langle U_1,U_2\rangle \longrightarrow^* \langle U_1^*,U_2^*\rangle$$

by rules Sr_pair1, Sr_pair2, the definition of substitution and transitivity at the level of reductions.

(ii) $A = A_1 \multimap A_2$: By inversion on $\mathcal{H}$ we know that $U = \hat\lambda y{:}A_1.\,U'$ and that there are derivations $\mathcal{H}_1$ and $\mathcal{H}_2$ of

$$y \uparrow^{A_1} \mathrm{NIL} \triangleright y^{A_1} \qquad \text{and} \qquad x \uparrow^{A_2} \bar S @ (y^{A_1}\,\hat{;}\,\mathrm{NIL}) \triangleright U',$$

respectively. By the above corollary 2.26 and weakening, there is a derivation of

$$\Gamma; y{:}A_1 \vdash_\Sigma y^{A_1} : A_1.$$

An application of rules pS_nil and pS_lapp yields a derivation of $\Gamma; y{:}A_1 \vdash_\Sigma y^{A_1}\,\hat{;}\,\mathrm{NIL} \uparrow A_1 \multimap A_2 > A_2$. This derivation and $\mathcal{S}$ can be combined by means of the transitivity lemma 2.22 into a derivation of

$$\Gamma;\Delta,y{:}A_1 \vdash_\Sigma \bar S @ (y^{A_1}\,\hat{;}\,\mathrm{NIL}) \uparrow B > A_2.$$

By rule pS_redex, subject reduction and inversion, we deduce that $U^* = \hat\lambda z{:}A_1.\,U^{**}$ and that $\Gamma;\Delta,\Delta',z{:}A_1 \vdash_\Sigma U^{**} : A_2$ is derivable. By the promotion lemma, there is also a derivation of

$$\Gamma,z{:}A_1;\Delta,\Delta' \vdash_\Sigma U^{**} : A_2.$$

On the basis of these facts, we can now construct the following sequence of reductions:

$$\begin{array}{lll}
V \cdot (\bar S @ (y^{A_1}\,\hat{;}\,\mathrm{NIL})) & \longrightarrow^* & (\hat\lambda z{:}A_1.\,U^{**}) \cdot (\mathrm{NIL} @ (y^{A_1}\,\hat{;}\,\mathrm{NIL})) \qquad \text{by the concatenation lemma on the assumption } V \cdot \bar S \longrightarrow^* U^* \cdot \mathrm{NIL},\\
& = & (\hat\lambda z{:}A_1.\,U^{**}) \cdot (y^{A_1}\,\hat{;}\,\mathrm{NIL}) \qquad \text{by definition of concatenation,}\\
& \longrightarrow & [y^{A_1}/z]U^{**} \cdot \mathrm{NIL} \qquad \text{by rule whr\_beta\_lapp,}\\
& \longrightarrow^* & [y/z]U^{**} \cdot \mathrm{NIL} \qquad \text{by induction hypothesis (iii) and the substitution lemma.}
\end{array}$$

We can now apply the induction hypothesis, obtaining a derivation of $[V/x]U' \longrightarrow^* [y/z]U^{**}$. Then, rule Sr_llam yields the desired result:

$$[V/x](\hat\lambda y{:}A_1.\,U') \longrightarrow^* \hat\lambda y{:}A_1.\,[y/z]U^{**} = \hat\lambda z{:}A_1.\,U^{**},$$

where the last equality relies on our convention about implicit renaming of bound variables.

(ii) $A = A_1 \to A_2$: We proceed as in the previous case, except that there is no need to appeal to the promotion lemma.

(iii-iv): Most of the cases falling into this category have a simple proof based on straightforward inversion and appeals to the induction hypothesis. We will concentrate on the case of (iii) where $A = a$, from which we deduce that $U = H \cdot S$ for some term $H$ and spine $S$. We then need to proceed by considering the different alternatives for the head $H$. All these subcases are handled trivially except for the situation where $H$ is the variable $z$.

Then, by inversion we know that there exists a derivation $\mathcal{S} :: \Gamma,z{:}B;\Delta \vdash_\Sigma S : B > a$. By induction hypothesis (iv), we have therefore that

$$[x^B/z]S \longrightarrow^* [x/z]S.$$

From $\mathcal{S}$ it is a simple matter to prove that there is a derivation of $\Gamma,x{:}B;\Delta \vdash_\Sigma [x/z]S : B > a$. Since, by definition, $x \uparrow^B \mathrm{NIL} \triangleright x^B$, we can apply the induction hypothesis (i) obtaining that

$$x^B \cdot [x/z]S \longrightarrow^* x \cdot [x/z]S.$$

We can now chain these reductions as follows:

$$[x^B/z](z \cdot S) = x^B \cdot [x^B/z]S \longrightarrow^* x^B \cdot [x/z]S \longrightarrow^* x \cdot [x/z]S = [x/z](z \cdot S),$$

obtaining in this way the desired result. □


Below,  we  will  only  need  a  very  special  case  of  the  above  lemma,  reported  as  the  following  corollary. 

Corollary 2.28 (Canonical reduction of $\eta$-expanded variables)

If $\Gamma;\Delta \vdash_\Sigma S : A > a$, then $\mathrm{Can}(x^A \cdot S) = \mathrm{Can}(x \cdot S)$.

Proof.

By part (i) of the previous lemma and the definition of $\eta$-expansion $x^A$, we know that there is a derivation of $x^A \cdot S \longrightarrow^* x \cdot S$. We obtain the desired result by confluence (Lemma 2.5) and strong normalization (Theorem 2.6). □

Observe that this property fails as soon as we replace reduction to canonical form with weak head-normalization: the shallow reductions performed by the latter operation cope inadequately with the thorough transformation resulting from $\eta$-expansion. Indeed, it is not true in general that, if $\Gamma;\Delta \vdash_\Sigma S : A > a$, then $x^A \cdot S \longrightarrow^*_{whr} x \cdot S$. As a counterexample, assume the variable $x$ has type $A = (a \to a) \to a$, so that

$$x^A = \lambda f{:}a \to a.\,(x \cdot ((\lambda y{:}a.\,(f \cdot (y;\mathrm{NIL})));\mathrm{NIL})),$$

and $S$ is the spine $(\lambda z{:}a.\,(z \cdot \mathrm{NIL}));\mathrm{NIL}$. Then, $x \cdot S \longrightarrow^*_{whr} x \cdot S$, this root being already weak head-normal. Instead,

$$x^A \cdot S \longrightarrow^*_{whr} x \cdot ((\lambda y{:}a.\,((\lambda z{:}a.\,(z \cdot \mathrm{NIL})) \cdot (y;\mathrm{NIL})));\mathrm{NIL}).$$

A further step of $\beta$-reduction is needed to obtain $x \cdot S$ from this expression.


3  Linear  Higher-Order  Unification 

In this section, we define the unification problem for $S^{\to\multimap\&\top}$ (Section 3.1), show a few examples (Section 3.2), describe a pre-unification algorithm à la Huet for it (Section 3.3), prove its soundness and completeness (Section 3.4), and discuss new sources of non-determinism introduced by linearity (Section 3.5).

3.1  The  Unification  Problem 

Equality checking becomes a unification problem as soon as we admit objects containing logical variables (sometimes called existential variables or meta-variables), standing for unknown terms. The equalities above, called equations in this setting, are unifiable if there exists a substitution for the logical variables which makes the two sides equal, according to the definition given in the previous section. These substitutions are called unifiers. The task of a unification procedure is to determine whether equations are solvable and, if so, report their unifiers. As for $\lambda^\to$, it is undecidable whether two terms can be unified, since the equational theory of $S^{\to\multimap\&\top}$ is a conservative extension of the equational theory of the simply-typed $\lambda$-calculus.

An algorithm that returns a set of solvable residual equations, besides a substitution with the above properties, is called a pre-unification procedure [Hue75]. The idea behind this approach is to postpone some solvable equations (the so-called flex-flex equations) as constraints instead of enumerating their solutions, as done by a unification algorithm. Pre-unification is undecidable in both $\lambda^\to$ and $S^{\to\multimap\&\top}$, since it subsumes deciding whether a set of equations has a solution.

Logical variables stand for heads and cannot replace spines or generic terms. Therefore, the alterations to the definition of $S^{\to\multimap\&\top}$ required for unification are limited to enriching the syntax of heads with logical variables, that we denote $F$ and $G$, possibly subscripted. We continue to write $U$, $V$ and $S$ for terms and spines in this extended language. In order to avoid confusion we will call the proper variables of $S^{\to\multimap\&\top}$ parameters in the remainder of the paper. The resulting extended syntax for $S^{\to\multimap\&\top}$ is formalized as follows:

$$\begin{array}{lrcl}
\text{Terms:} & U & ::= & H \cdot S \mid \hat\lambda x{:}A.\,U \mid \lambda x{:}A.\,U \mid \langle U_1,U_2\rangle \mid \langle\rangle\\
\text{Spines:} & S & ::= & \mathrm{NIL} \mid U\,\hat{;}\,S \mid U;S \mid \pi_1\,S \mid \pi_2\,S\\
\text{Heads:} & H & ::= & c \ \ (\text{constants}) \mid x \ \ (\text{parameters}) \mid U \ \ (\text{redices}) \mid F \ \ (\text{logical variables})
\end{array}$$

The machinery required in order to state a unification problem is summarized in the grammar below. We will in general solve systems $\Xi$ of equations that share the same signature $\Sigma$ and a common set of logical variables $\Phi$. A system can contain both term equations $\Gamma;\Delta \vdash U_1 = U_2 : A$ and spine equations $\Gamma;\Delta \vdash S_1 = S_2 : A > a$. A solution to a unification problem, also called a pre-unifier, is a substitution $\Theta$ that, when applied to $\Xi$, yields a system of flex-flex equations $\Xi_{ff}$ that is known to be solvable. A flex-flex equation relates roots with logical variables as their heads. This notion of solution, characteristic of pre-unification, subsumes unifiers as the particular case in which the residual flex-flex system is empty. Finally, we record the types of the logical variables in use in a pool $\Phi$.

$$\begin{array}{lrcl}
\text{Equation systems:} & \Xi & ::= & \cdot \mid \Xi,(\Gamma;\Delta \vdash U_1 = U_2 : A) \mid \Xi,(\Gamma;\Delta \vdash S_1 = S_2 : A > a)\\
\text{Flex-flex systems:} & \Xi_{ff} & ::= & \cdot \mid \Xi_{ff},(\Gamma;\Delta \vdash F_1 \cdot S_1 = F_2 \cdot S_2 : a)\\
\text{Substitutions:} & \Theta & ::= & \cdot \mid \Theta, U/F\\
\text{Pools:} & \Phi & ::= & \cdot \mid \Phi, F{:}A
\end{array}$$

We assume that variables appear at most once in a pool and in the domain of a substitution. Similarly to contexts, we treat equation systems, substitutions and pools as multisets. We write $\xi$ for individual equations. The context $\Gamma;\Delta$ in an equation enumerates the parameters that the substitutions for logical variables appearing in $\xi$ are not allowed to mention directly. Therefore, legal substitution terms $U$ for a variable $F{:}A$ must be typable in the empty context, i.e. $\cdot;\cdot \vdash_{\Sigma,\Phi} U : A$ should be derivable, where $\Phi$ includes the logical variables appearing in $U$ (notice in particular that $U$ is purely intuitionistic). This is sometimes emphasized by denoting an equation system $\Xi$ as $\forall\Sigma.\,\exists\Phi.\,\forall(\Xi)$, where the inner expression means that the context $\Gamma;\Delta$ of every equation $\xi$ is universally quantified in front of it.

A term or spine equation $\xi$ can be interpreted as an equality judgment with signature $(\Sigma,\Phi)$, where again $\Phi$ includes the logical variables appearing in $\xi$. In the following, we will occasionally view an equation system $\Xi$ as the multiset of the equality judgments corresponding to its equations. In these cases, we write $\mathcal{E} :: \Xi$ to indicate that each equation $\xi$, seen as an equality judgment, in the system $\Xi$ has a derivation $\mathcal{E}_\xi$. We treat $\mathcal{E}$ as a multiset with elements the derivations $\mathcal{E}_\xi$. We call an equation well-typed if the corresponding equality judgment is well-typed. This notion extends naturally to equation systems.

The usual definitions concerning substitutions [Bar80] are trivially extended to our language. In particular, the domain of a substitution $\Theta$, denoted $\mathrm{dom}(\Theta)$, is the multiset of variables $F$ such that $U/F$ occurs in $\Theta$, its image, $\mathrm{Im}(\Theta)$, is the multiset of the corresponding terms $U$, and its range, written $\mathrm{rg}(\Theta)$, is the multiset of logical variables appearing in $\mathrm{Im}(\Theta)$. We will always assume the range of a substitution to be disjoint from its domain. The application of a substitution $\Theta$ to a term $U$ (spine $S$) is denoted $[\Theta]U$ ($[\Theta]S$, respectively). We extend this notion to the application of a substitution $\Theta$ to another substitution $\Theta'$, written $[\Theta]\Theta'$ and defined as the substitution obtained by applying $\Theta$ to every term in the image of $\Theta'$. We write $\Theta \circ \Theta'$ for the composition of substitutions $\Theta$ and $\Theta'$. These operations retain their usual semantics [Bar80] also in our setting. We will take particular advantage of the following properties.

Property 3.1 (Substitutions)

i. $[\Theta \circ \Theta']U = [\Theta]([\Theta']U)$, and similarly for spines;

ii. $\Theta \circ \Theta' = \Theta, [\Theta]\Theta'$;

iii. (Associativity) $(\Theta \circ \Theta') \circ \Theta'' = \Theta \circ (\Theta' \circ \Theta'')$. □

A consequence of (ii) is that $[\Theta]\Theta' = (\Theta \circ \Theta')|_{\mathrm{dom}(\Theta')}$. We define the canonical form of a substitution $\Theta$, written $\mathrm{Can}(\Theta)$, as the substitution that differs from $\Theta$ by replacing every element $U/F$ in it with $\mathrm{Can}(U)/F$, where logical variables are treated as if they were constants.

Given a signature $\Sigma$, a substitution $\Theta$ and a pool $\Phi$ that assigns a type at least to every logical variable in the domain and range of $\Theta$, we say that $\Theta$ is well-typed with respect to $\Sigma$ and $\Phi$ if, whenever $U/F$ occurs in $\Theta$ and $F{:}A$ appears in $\Phi$, there is a derivation of $\cdot;\cdot \vdash_{\Sigma,\Phi} U : A$. Notice that the logical variables in $\mathrm{rg}(\Theta)$ are again treated as constants.

The  above  informal  definitions  will  be  sufficient  to  follow  the  development  of  the  discussion.  It  is 
lengthy  but  not  difficult  to  make  them  fully  formal.  We  refrain  from  doing  so  in  order  not  to  blur  the 
analysis  of  our  unification  algorithm  with  additional  complexity. 

3.2  Examples 

The example given in the introduction clearly shows how linearity restricts the set of solutions found by traditional higher-order unification in the absence of linear constructs. We can indeed rewrite this example in the syntax of $\lambda^{\to\multimap\&\top}$ (chosen over $S^{\to\multimap\&\top}$ for the sake of clarity) as the following equation

$$\vdash F\,\hat{}\,M = c\,\hat{}\,M\,\hat{}\,M : a.$$

where we assume $M$ to be a closed term. As we saw, only two of the four independent solutions returned by traditional higher-order unification on the corresponding $\lambda^\to$ problem are linearly valid.

More complex situations rule out the simple-minded strategy of keeping only the linearly valid solutions returned by a traditional unification procedure on a linear problem. Consider the following equation, written again in the syntax of $\lambda^{\to\multimap\&\top}$ for simplicity,

$$x{:}a, y{:}a; \cdot \vdash F\,\hat{}\,x\,\hat{}\,y = c\,\hat{}\,(G_1\,x\,y)\,\hat{}\,(G_2\,x\,y) : a.$$

The parameters $x$ and $y$ are intuitionistic, but $F$ uses them as linear objects. We must instantiate $F$ to a term of the form $\hat\lambda x'{:}a.\,\hat\lambda y'{:}a.\,c\,\hat{}\,M_1\,\hat{}\,M_2$ where each of the linear parameters $x'$ and $y'$ must appear either in $M_1$ or in $M_2$, but not in both. Indeed, we have the following four incomparable substitutions:

$$\begin{array}{lll}
F \leftarrow \hat\lambda x'{:}a.\,\hat\lambda y'{:}a.\,c\,\hat{}\,(F_1\,\hat{}\,x'\,\hat{}\,y')\,\hat{}\,F_2, & G_1 \leftarrow \lambda x'{:}a.\,\lambda y'{:}a.\,F_1\,\hat{}\,x'\,\hat{}\,y', & G_2 \leftarrow \lambda x'{:}a.\,\lambda y'{:}a.\,F_2.\\
F \leftarrow \hat\lambda x'{:}a.\,\hat\lambda y'{:}a.\,c\,\hat{}\,(F_1\,\hat{}\,x')\,\hat{}\,(F_2\,\hat{}\,y'), & G_1 \leftarrow \lambda x'{:}a.\,\lambda y'{:}a.\,F_1\,\hat{}\,x', & G_2 \leftarrow \lambda x'{:}a.\,\lambda y'{:}a.\,F_2\,\hat{}\,y'.\\
F \leftarrow \hat\lambda x'{:}a.\,\hat\lambda y'{:}a.\,c\,\hat{}\,(F_1\,\hat{}\,y')\,\hat{}\,(F_2\,\hat{}\,x'), & G_1 \leftarrow \lambda x'{:}a.\,\lambda y'{:}a.\,F_1\,\hat{}\,y', & G_2 \leftarrow \lambda x'{:}a.\,\lambda y'{:}a.\,F_2\,\hat{}\,x'.\\
F \leftarrow \hat\lambda x'{:}a.\,\hat\lambda y'{:}a.\,c\,\hat{}\,F_1\,\hat{}\,(F_2\,\hat{}\,x'\,\hat{}\,y'), & G_1 \leftarrow \lambda x'{:}a.\,\lambda y'{:}a.\,F_1, & G_2 \leftarrow \lambda x'{:}a.\,\lambda y'{:}a.\,F_2\,\hat{}\,x'\,\hat{}\,y'.
\end{array}$$

Traditional unification on the analogous $\lambda^\to$ equation is unitary and has a single solution:

$$F \leftarrow \lambda x'{:}a.\,\lambda y'{:}a.\,c\,(F_1\,x'\,y')\,(F_2\,x'\,y'), \qquad G_1 \leftarrow \lambda x'{:}a.\,\lambda y'{:}a.\,F_1\,x'\,y', \qquad G_2 \leftarrow \lambda x'{:}a.\,\lambda y'{:}a.\,F_2\,x'\,y'.$$

which is not linearly valid. This example also illustrates one reason why linear term languages and unification are useful. Linearity constraints rule out certain unifiers when compared to the simply-typed formulation of the same expression, which can be used to eliminate ill-formed terms early.


3.3  A  Pre-Unification  Algorithm 

Our adaptation of Huet's pre-unification procedure to $S^{\to\multimap\&\top}$ is summarized in Figures 8-10. We adopt a structured operational semantics presentation as a system of inference rules, which isolates and makes every step of the algorithm explicit. Although more verbose than the usual formulations, it is, at least in this setting, more understandable and closer to an actual implementation. In this subsection, we describe the general structure of the algorithm. We will prove its correctness in Section 3.4 and discuss the specific aspects brought in by linearity in Section 3.5.

On the basis of the above definitions, a unification problem is expressed by the following judgment:

$$\Xi \setminus \Xi_{ff}, \Theta$$

where, for the sake of readability, we keep the signature $\Sigma$ and the current variable pool $\Phi$ implicit. We assume $\Xi$ consists of well-typed equations. The procedure we describe accepts $\Sigma$, $\Phi$ and $\Xi$ as input arguments and attempts to construct a derivation $\mathcal{X}$ of $\Xi \setminus \Xi_{ff}, \Theta$ for some $\Theta$ and $\Xi_{ff}$. This could terminate successfully (in which case $\Theta$ is a unifier if $\Xi_{ff}$ is empty, and only a pre-unifier otherwise). It might also fail (in which case there are no unifiers) or not terminate (in which case we have no information).

Given a system of well-typed equations $\Xi$ to be solved with respect to a signature $\Sigma$ and a logical variables pool $\Phi$, the procedure non-deterministically selects an equation $\xi$ from $\Xi$ and attempts to apply in a bottom-up fashion one of the rules in Figure 8. If several rules are applicable, the procedure succeeds if one of them yields a solution. If none applies, we have a local failure. The procedure terminates when all equations in $\Xi$ are flex-flex, as described below.

Well-typed equations in $\eta$-long form have a very disciplined structure. In particular, both sides must either be roots, or have the same top-most term or spine constructor. Spine equations and non-atomic term equations are therefore decomposed until problems of base type are exposed, as shown in the
Figure 8: Pre-Unification in $S^{\to\multimap\&\top}$, Equation Manipulation

Term traversal

$$\frac{\Xi \setminus \Xi_{ff},\Theta}{\Xi,(\Gamma;\Delta \vdash \langle\rangle = \langle\rangle : \top) \setminus \Xi_{ff},\Theta}\ \text{pu\_unit}
\qquad
\frac{\Xi,(\Gamma;\Delta \vdash U_1 = V_1 : A),(\Gamma;\Delta \vdash U_2 = V_2 : B) \setminus \Xi_{ff},\Theta}{\Xi,(\Gamma;\Delta \vdash \langle U_1,U_2\rangle = \langle V_1,V_2\rangle : A \& B) \setminus \Xi_{ff},\Theta}\ \text{pu\_pair}$$

$$\frac{\Xi,(\Gamma;\Delta,x{:}A \vdash U = V : B) \setminus \Xi_{ff},\Theta}{\Xi,(\Gamma;\Delta \vdash \hat\lambda x{:}A.\,U = \hat\lambda x{:}A.\,V : A \multimap B) \setminus \Xi_{ff},\Theta}\ \text{pu\_llam}
\qquad
\frac{\Xi,(\Gamma,x{:}A;\Delta \vdash U = V : B) \setminus \Xi_{ff},\Theta}{\Xi,(\Gamma;\Delta \vdash \lambda x{:}A.\,U = \lambda x{:}A.\,V : A \to B) \setminus \Xi_{ff},\Theta}\ \text{pu\_ilam}$$

Rules pu_redex_l and pu_redex_r, whose conclusions are $\Xi,(\Gamma;\Delta \vdash U \cdot S_1 = H \cdot S_2 : a) \setminus \Xi_{ff},\Theta$ and $\Xi,(\Gamma;\Delta \vdash H \cdot S_1 = U \cdot S_2 : a) \setminus \Xi_{ff},\Theta$ respectively, weak head-reduce the redex on the left (resp. right) side of the equation; their premises are not legible in the scan.

Rigid-Rigid

$$\frac{c{:}A \text{ in } \Sigma \qquad \Xi,(\Gamma;\Delta \vdash S_1 = S_2 : A > a) \setminus \Xi_{ff},\Theta}{\Xi,(\Gamma;\Delta \vdash c \cdot S_1 = c \cdot S_2 : a) \setminus \Xi_{ff},\Theta}\ \text{pu\_rr\_con}$$

$$\frac{\Xi,(\Gamma;\Delta \vdash S_1 = S_2 : A > a) \setminus \Xi_{ff},\Theta}{\Xi,(\Gamma;\Delta,x{:}A \vdash x \cdot S_1 = x \cdot S_2 : a) \setminus \Xi_{ff},\Theta}\ \text{pu\_rr\_lvar}
\qquad
\frac{\Xi,(\Gamma,x{:}A;\Delta \vdash S_1 = S_2 : A > a) \setminus \Xi_{ff},\Theta}{\Xi,(\Gamma,x{:}A;\Delta \vdash x \cdot S_1 = x \cdot S_2 : a) \setminus \Xi_{ff},\Theta}\ \text{pu\_rr\_ivar}$$

Rigid-Flex

$$\frac{F{:}A \text{ in } \Phi \qquad h{:}B \text{ in } \Sigma, \Gamma \text{ or } \Delta \qquad \Xi,(\Gamma;\Delta \vdash F \cdot S_2 = h \cdot S_1 : a) \setminus \Xi_{ff},\Theta}{\Xi,(\Gamma;\Delta \vdash h \cdot S_1 = F \cdot S_2 : a) \setminus \Xi_{ff},\Theta}\ \text{pu\_rf}$$

Flex-Rigid

$$\frac{F{:}A \text{ in } \Phi \qquad \cdot;\cdot \vdash c \cdot S_2 \,/\, A \Uparrow^{\Gamma} S_1 \mapsto V \qquad [V/F](\Xi,(\Gamma;\Delta \vdash F \cdot S_1 = c \cdot S_2 : a)) \setminus \Xi_{ff},\Theta}{\Xi,(\Gamma;\Delta \vdash F \cdot S_1 = c \cdot S_2 : a) \setminus \Xi_{ff},(\Theta \circ V/F)}\ \text{pu\_fr\_imit}$$

$$\frac{F{:}A \text{ in } \Phi \qquad h{:}B \text{ in } \Sigma, \Gamma \text{ or } \Delta \qquad \cdot;\cdot \vdash A \Downarrow^{\Gamma} S_1 \mapsto V \qquad [V/F](\Xi,(\Gamma;\Delta \vdash F \cdot S_1 = h \cdot S_2 : a)) \setminus \Xi_{ff},\Theta}{\Xi,(\Gamma;\Delta \vdash F \cdot S_1 = h \cdot S_2 : a) \setminus \Xi_{ff},(\Theta \circ V/F)}\ \text{pu\_fr\_proj}$$

Flex-Flex

Rule pu_ff moves a flex-flex equation $(\Gamma;\Delta \vdash F_1 \cdot S_1 = F_2 \cdot S_2 : a)$ from $\Xi$ to the residual system $\Xi_{ff}$; its premise and conclusion are not legible in the scan.

Spine traversal

$$\frac{\Xi \setminus \Xi_{ff},\Theta}{\Xi,(\Gamma;\cdot \vdash \mathrm{NIL} = \mathrm{NIL} : a > a) \setminus \Xi_{ff},\Theta}\ \text{pu\_nil}$$

$$\frac{\Xi,(\Gamma;\Delta \vdash S_1 = S_2 : A_1 > a) \setminus \Xi_{ff},\Theta}{\Xi,(\Gamma;\Delta \vdash \pi_1\,S_1 = \pi_1\,S_2 : A_1 \& A_2 > a) \setminus \Xi_{ff},\Theta}\ \text{pu\_fst}
\qquad
\frac{\Xi,(\Gamma;\Delta \vdash S_1 = S_2 : A_2 > a) \setminus \Xi_{ff},\Theta}{\Xi,(\Gamma;\Delta \vdash \pi_2\,S_1 = \pi_2\,S_2 : A_1 \& A_2 > a) \setminus \Xi_{ff},\Theta}\ \text{pu\_snd}$$

$$\frac{\Xi,(\Gamma;\Delta' \vdash U_1 = U_2 : A_1),(\Gamma;\Delta'' \vdash S_1 = S_2 : A_2 > a) \setminus \Xi_{ff},\Theta}{\Xi,(\Gamma;\Delta',\Delta'' \vdash U_1\,\hat{;}\,S_1 = U_2\,\hat{;}\,S_2 : A_1 \multimap A_2 > a) \setminus \Xi_{ff},\Theta}\ \text{pu\_lapp}$$

$$\frac{\Xi,(\Gamma;\cdot \vdash U_1 = U_2 : A_1),(\Gamma;\Delta \vdash S_1 = S_2 : A_2 > a) \setminus \Xi_{ff},\Theta}{\Xi,(\Gamma;\Delta \vdash U_1;S_1 = U_2;S_2 : A_1 \to A_2 > a) \setminus \Xi_{ff},\Theta}\ \text{pu\_iapp}$$

lowermost and uppermost parts of Figure 8, respectively. Then, possible redices are weak head-reduced so that both sides of the equation have either a constant, a parameter or a logical variable as their head (rules pu_redex_l and pu_redex_r). When these rules can both be used, i.e. if both sides of the equation are redices, applying them in any order yields the same result (this is a form of "don't care" non-determinism): we can for example adopt the convention that the left-hand side is always weak head-reduced first.

Following  the  standard  terminology,  we  call  a  weak-head  normal  atomic  term  H  •  S  rigid  if  FT  is  a 
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Imitation— -tGrin  construction 


c  :A  inE  T]A  Ai^  S' 

F;  A  h  c  ‘  s'  /  a  i\'  NIL  ^  c  •  S 


-  fri_con 


T-,A  \-  U  /  Aiit"  S  ^Vi  r;A  h  A2<-^V2  T;  A  I-  t/ /  ^2  1>‘ 5  M- ^2  T-,AhAi^Vi 

-  fri_pairl  - fri_pair2 


r;A  h  U  fAikA2  -|T‘  tti  S  m-  (^1,^2) 
r-,A,x:A  h  U/ Bit"  S^V 
r;A  h  U  /  A-oBit'  U‘,S  <-^\x:A.V 


■  fri_llam 


r;A  h  U/AikA2  i\‘-  n2  S  ^  {VuVi) 
r,a::A;A  h  U/Bi\''  S^V 

- f 

r;A  h  U  /  A^  Bit''  U;S  ^  Xx-.A.V 


Imitation— spine  construction 


- fri_nil 

F;  •  h  a  4^'  NIL  ^  NIL 


r;A  Ai  S'  ^  S 

-  fri_fst 

r;A  h  AikA2^  JTi  5'M-7ri5 
r;  A'  I-  S  S'  M-  5  T;  A"  h  A  M-  F 

- fri  Japp 

F;A\A''  h  f/;5' 


F;  A  h  A2  4.^  5'  5 

- ftri_snd 

F;  A  f-  Ai  h  A2  7^2  s'  ^  7^2  S 
F;  A  h  B  4f  5'  <->  5  Fr  A 

- fri-iapp 

T;A  h  A^  B  U]S'  ^V-,S 


Projection— term  construction 

r;A  I-  2l4."'a-^S 

- frp  Jvar 

r-,A,x:A  \-  ail”  NIL^  X  ■  S 


r;  A  h  lY’'  S  ^  Fi  T;  A  h  yl2  ^  F2 

- frp_pairl 

r;A  I-  AikA2  •fr’'  ni  S (Vi,V2) 

T-,A,x:A  I-  B  fr"  S  F 

- frp_Uam 

F;A  h  A~<iBi\"  U\S^\x:A.V 


T,x:A;A  F  A  a  S 

- frp-ivar 

F,  o: :  A  h  a  14’^  NIL  ^  x  ‘  S 
r;A  \-  A2'!\^  S  ^V2  F]A\-  Ai^Vi 

- frp_pair2 

T'.Ab  AikA2  It”  :r2SM- (Fi,F2) 
r,a::2l;A  h  B  ft'"  S F 

- frp-ilam 

r;A  \-  A-^  Bi\^  U;S  ^  Xx:A,V 


Projection— spine  construction 


- frp_nil 

F;  •  (-  a  ^  a  ^  NIL 


F;  A  h  a  ^  5 

- frp_fst 

T;  A  1-  &242  4”  a  M-  TTi  S 

F;  A'  I-  B  4.’'  a  M-  S  T-,A"  y-  A^V 

- frp  Japp 

F;A',A"  h  A^B  a^V'^.S 


F;  A  F  yl2  F"  «  -S’ 

- frp_snd 

F;  A  h  A\  &  A2  F^  ®  ^2  -S' 

F;AhBF"a-^5  F;-  A^V 

- fVp  Japp 

F;A  A-^  B  a^V;S 


Figure  9:  Pre-Unification  in  ^  Generation  of  Substitutions 


constant  or  a  parameter,  and  flexible  if  it  is  a  logical  variable.  Since  the  sides  of  a  canonical  equation  ^ 
of  base  type  can  be  only  either  rigid  or  flexible,  we  have  four  possibilities: 

Rigid- Rigid:  If  the  head  of  both  sides  of  ^  is  the  same  constant  or  parameter,  we  unify  the  spines. 
Rigid- Flex:  We  reduce  this  case  to  the  next  by  swapping  the  sides  of  the  equation. 

Flex-Rigid:  Consider  first  the  equation  r;AF  F-5i=C‘52:a  where  the  head  c  is  a  constant. 
Solving  this  equation  requires  instantiating  F  to  a  term  V  such  that  the  root  V  •  Si  reduces  to  a 
term  having  c  as  its  head;  the  resulting  spine  and  S2  are  then  unified,  as  in  the  rigid-rigid  case.  We 
can  construct  V  in  two  manners:  the  first,  imitation^  builds  V  around  the  constant  c  itself.  The 
second,  projection^  constructs  V  around  a  bound  variable  x  that  will  be  substituted  via  /^-reduction 
to  some  subterm  of  Si  that  might  eventually  be  instantiated  to  c.  In  both  cases,  the  head  c  or  a?  of 
V  is  buried  under  a  layer  of  constructors  corresponding  to  the  type  of  F  (or,  more  to  the  point,  to 
the  source  type  of  Si);  it  is  intended  to  access  the  subterms  of  Si  once  ^-reduction  is  performed. 
[Figure 10 (Pre-Unification in $\lambda^{\to\multimap\&\top}$: Raising Variables) did not survive extraction. It lists the variable raising rules for constructors (raise_unit, raise_root, a pairing rule, raise_llam, raise_ilam) and for spines (raise_nil, raise_lapp, raise_iapp), which define the judgments $\Gamma;\Delta \vdash A \Rightarrow V$ and $\Gamma;\Delta \vdash a \Rightarrow S, A$ described in the text below; only the rule names are recoverable here.]


This head is applied to local parameters that, besides matching its type, will have the effect of appropriately reshuffling the terms composing $S_1$. Once $V$ has been produced, it is substituted for every occurrence of $F$ in the equation system and the pair $V/F$ is added to the current substitution. Flex-rigid equations with a parameter as their rigid head are treated similarly, except that imitation cannot be applied since parameters are bound within the scope of logical variables.

Given an equation $\xi = (\Gamma;\Delta \vdash F\cdot S_1 = c\cdot S_2 : a)$, the construction of the instantiating term $V$ in the case of imitation is described in the upper part of Figure 9. The judgment

$\Gamma';\Delta' \vdash c\cdot S_2 / A' \uparrow S_1' \Rightarrow V'$

builds the constructors layer of $V$ on the basis of the type $A$ of $F$ (that is also the source type of $S_1$). Here, $c\cdot S_2$ is the right-hand side of $\xi$; $A'$ and $S_1'$ are initially set to $A$ and $S_1$ respectively, and then to subexpressions of theirs as the computation of $V$ proceeds, and $\Gamma'$ and $\Delta'$ are initialized to the empty context. $V'$, to be thought of as the "output value" of this judgment, corresponds to intermediate stages of the construction of $V$. Whenever this judgment is derivable, we have that $\Gamma';\Delta' \vdash_\Sigma V' : A'$ and $\Gamma;\Delta^* \vdash_\Sigma S_1' : A' > a$ are derivable. In the latter invariant, $\Delta^*$ is some submultiset of the linear context $\Delta$ of $\xi$ and $a$ is the type of this equation.

As $V$ is constructed, the local parameters bound by intuitionistic and linear $\lambda$-abstraction (rules fri_ilam and fri_llam) are stored in the accumulators $\Gamma'$ and $\Delta'$ respectively. When $A'$ has the form $A_1 \& A_2$ (rules fri_pair1 and fri_pair2), $V'$ must be a pair $\langle V_1', V_2'\rangle$ and $S_1'$ must start with a projection. The subterm $V_i'$ that is projected away can be arbitrary as long as it has type $A_i'$ and uses up all local parameters in $\Gamma';\Delta'$; this is achieved by means of the variable raising judgment discussed below.

When a base type is eventually reached (rule fri_con), the right-hand side $c\cdot S_2$ of the original equation is accessed, the constant $c$ is installed as the head of $V$ and its spine $S$ is constructed by looking at the spine $S_2$ and inserting the local parameters accumulated in $\Gamma';\Delta'$. The spine $S$ is built by the judgment

$\Gamma'';\Delta'' \vdash B' \uparrow S_2' \Rightarrow S'$

where $B'$, $S_2'$, $\Gamma''$ and $\Delta''$ are initially set to the type $B$ of $c$, the spine $S_2$ and the accumulators $\Gamma'$ and $\Delta'$ respectively, and then to subexpressions (subcontexts) as the computation of $S$ proceeds. The "output value" $S'$ corresponds to intermediate stages of the construction of $S$. The invariants for this judgment are $\Gamma'';\Delta'' \vdash_\Sigma S' : B' > a$ and $\Gamma;\Delta^* \vdash_\Sigma S_2' : B' > a$, where again $\Delta^*$ is a subcontext of $\Delta$.

$S$ is constructed by mimicking the structure of $S_2$, in the sense that both will consist of the same sequence of spine constructors, although possibly applied to different arguments. This invariant relating $S'$ and $S_2'$ is formalized as $S' \approx S_2'$ in Section 3.4.2. Notice the use of the variable raising judgment (discussed below) in rules fri_lapp and fri_iapp to construct appropriate $\eta$-long arguments with new logical variables as heads applied to the parameters in $\Gamma'';\Delta''$.

The construction of $V$ in the case of projection, displayed in the lower part of Figure 9, is similar. Given an equation $\xi = (\Gamma;\Delta \vdash F\cdot S_1 = h\cdot S_2 : a)$ with $h$ a constant or a parameter, the instantiating term $V$ for $F$ is constructed by means of the judgment

$\Gamma';\Delta' \vdash A' \uparrow S_1' \Rightarrow V'$.

Here, $A'$ is initialized to the type $A$ of $F$, $S_1'$ to the spine $S_1$ and both accumulators $\Gamma'$ and $\Delta'$ to the empty context. The "output value" $V'$ represents intermediate stages of the calculation of $V$. The main invariants for this judgment are similar to the case of imitation. Observe that, differently from imitation, the right-hand side of $\xi$ is not taken into consideration in this judgment, and therefore in the construction of $V$. There can be a combinatorial explosion in the number of instantiating terms $V$ that are generated in this way. The absence of guidance from the term $h\cdot S_2$ will cause most of them to be discarded. This is a major source of inefficiency and divergence in a Huet-like algorithm.

The head of $V$ relative to $S_1$ is set to a local parameter $x$ from $\Gamma'$ or $\Delta'$ (rules frp_ivar and frp_lvar, respectively). The corresponding spine $S$ is constructed by means of the judgment

$\Gamma'';\Delta'' \vdash A' \uparrow a \Rightarrow S'$.

Here, $A'$ is initialized to the type $A$ of $x$, $\Gamma''$ to $\Gamma'$, and $\Delta''$ to $\Delta'$ (after withdrawing $x : A$ from it, if $x$ is linear); $a$ is the type of the original equation $\xi$. As in previous cases, $S'$ is the "output value" of this subprocedure and corresponds to intermediate stages of the construction of $S$. Whenever this judgment is derivable, there is always a derivation of $\Gamma'';\Delta'' \vdash_\Sigma S' : A' > a$.

The main difference with respect to the analogous imitation judgment is that the spine $S$ is built on the basis of the type $A$ of the projected parameter (rules frp_ivar and frp_lvar) rather than relative to the spine in the right-hand side of the equation. This leads to a form of non-determinism for product types not present in the case of imitation (rules frp_fst and frp_snd).

The purpose of the variable raising judgment

$\Gamma';\Delta' \vdash A \Rightarrow V$,

displayed in Figure 10, is to produce an $\eta$-long term $V$ of type $A$ with new logical variables as its heads (rule raise_root) and the parameters accumulated in $\Gamma';\Delta'$ in the corresponding spines. Notice that functional types yield new local parameters (rules raise_llam and raise_ilam). Whenever this judgment is derivable, there is a derivation of $\Gamma';\Delta' \vdash_\Sigma V : A$.

The spines themselves are constructed by means of the judgment

$\Gamma';\Delta' \vdash a \Rightarrow S, A$

which, given $\Gamma'$, $\Delta'$ and $a$, builds a spine $S$ mapping heads of type $A$ to roots of type $a$ by non-deterministically rearranging the parameters present in $\Gamma';\Delta'$. We have $\Gamma';\Delta' \vdash_\Sigma S : A > a$ as an invariant for this judgment.

Observe that, if $\Gamma';\Delta'$ contains $n$ assumptions altogether, this judgment has $n!$ derivations, which yield as many spines $S$ and types $A$. The actual permutation that is picked is however unimportant, since it only affects the type ($A$) of the "new" logical variable $F$ in rule raise_root. Therefore, the choices present in rules raise_lapp and raise_iapp (and choosing between them) are a form of "don't care" non-determinism.
Flex-Flex: Similarly to the simply typed $\lambda$-calculus, a system composed uniquely of flex-flex equations is always solvable in $\lambda^{\to\multimap\&\top}$. Indeed, every logical variable $F$ in it can be instantiated to a term $V_F$ consisting of a layer of constructors as dictated by the type of $F$, but with every root set to $G_a\cdot\langle\rangle\hat{;}\mathrm{NIL}$ (i.e. $G_a\hat{\ }\langle\rangle$ in $\lambda^{\to\multimap\&\top}$), where $G_a$ is a common new logical variable of type $\top\multimap a$, for each base type $a$. Then, after normalization, every equation $\xi$ reduces to $\Gamma;\Delta \vdash G_a\cdot\langle\rangle\hat{;}\mathrm{NIL} = G_a\cdot\langle\rangle\hat{;}\mathrm{NIL} : a$, which is linearly valid, although extensionally solvable only if a ground substitution term for each needed $G_a$ can indeed be constructed. When this situation is encountered, the procedure terminates with success, but without instantiating the logical variables appearing in it. The substitution constructed up to this point, called a pre-unifier, is returned.

The possibility of achieving an algorithm à la Huet depends crucially on flex-flex equations being always solvable. If this property does not hold, as in some sublanguages of $\lambda^{\to\multimap\&\top}$ we will discuss in this paper, these equations must be analyzed with techniques similar to [JP76] or [Mil91].


We  will  now  discuss  a  number  of  simple  examples  in  order  to  gain  familiarity  with  this  algorithm.  We 
will  focus  our  attention  on  the  flex-rigid  and  rigid-rigid  cases. 

Example 1: In the signature $\Sigma_1 = (c : a)$ and pool $\Phi_1 = (F : a \to a)$, consider the following equation $\xi_1$, written in the syntax of $\lambda^{\to\multimap\&\top}$ for simplicity:

$\cdot;\cdot \vdash F\,c = c : a.$

(This equation corresponds to $\cdot;\cdot \vdash F\cdot(c\cdot\mathrm{NIL});\mathrm{NIL} = c\cdot\mathrm{NIL} : a$ in $S^{\to\multimap\&\top}$.) $\xi_1$ has the two following solutions, again expressed in the syntax of $\lambda^{\to\multimap\&\top}$ (and of $S^{\to\multimap\&\top}$ in parentheses); we use bracketed indices to distinguish these solutions:

$F^{(1)} \leftarrow \lambda x':a.\,c \qquad (F^{(1)} \leftarrow \lambda x':a.\,c\cdot\mathrm{NIL})$

$F^{(2)} \leftarrow \lambda x':a.\,x' \qquad (F^{(2)} \leftarrow \lambda x':a.\,x'\cdot\mathrm{NIL})$

The first is obtained by imitation, as witnessed by the presence of the constant $c$ as the head of the instantiating term for $F$. The second is the result of projection, indicated by the bound variable $x'$.


Example 2: In a signature $\Sigma_2$ identical to $\Sigma_1$, but with the pool $\Phi_2 = (F : a \multimap a)$, consider the equation $\xi_2$:

$\cdot;\cdot \vdash F\hat{\ }c = c : a$

that differs from $\xi_1$ only by $F$ standing for a linear rather than an intuitionistic function. This equation has a single solution, obtained by projection:

$F \leftarrow \hat\lambda x':a.\,x' \qquad (F \leftarrow \hat\lambda x':a.\,x'\cdot\mathrm{NIL})$

Indeed the instantiating term

$\hat\lambda x':a.\,c \qquad (\hat\lambda x':a.\,c\cdot\mathrm{NIL})$

corresponding to the solution obtained by imitation in the previous example is not linearly valid, since the parameter $x'$ is never used. The impossibility of applying rule fri_nil prevents our pre-unification algorithm from producing this term as a solution: this rule expects an empty linear local parameters accumulator, while in this case it contains $x':a$.

Example 3: Next, we analyze in depth one of the equations considered in Section 3.2:

$x:a, y:a;\cdot \vdash F\hat{\ }x\hat{\ }y = c\hat{\ }(G_1\,x\,y)\hat{\ }(G_2\,x\,y) : a.$

The signature of this equation, $\xi_3$, is $\Sigma_3 = (c : a \multimap a \multimap a)$ and the variable pool at hand is $\Phi_3 = (F : a \multimap a \multimap a,\ G_1 : a \to a \to a,\ G_2 : a \to a \to a)$. The application of our algorithm yields the following four instantiating terms for $F$, all obtained by imitation, and, after weak head-normalization, the equations $\xi_3^{(i)}$ to their right, where $\Gamma$ stands for the intuitionistic context $(x:a, y:a)$.

$F^{(1)} \leftarrow \hat\lambda x':a.\,\hat\lambda y':a.\,c\hat{\ }(F_1\hat{\ }x'\hat{\ }y')\hat{\ }F_2 \qquad \xi_3^{(1)}:\ \Gamma;\cdot \vdash c\hat{\ }(F_1\hat{\ }x\hat{\ }y)\hat{\ }F_2 = c\hat{\ }(G_1\,x\,y)\hat{\ }(G_2\,x\,y) : a$

$F^{(2)} \leftarrow \hat\lambda x':a.\,\hat\lambda y':a.\,c\hat{\ }(F_1\hat{\ }x')\hat{\ }(F_2\hat{\ }y') \qquad \xi_3^{(2)}:\ \Gamma;\cdot \vdash c\hat{\ }(F_1\hat{\ }x)\hat{\ }(F_2\hat{\ }y) = c\hat{\ }(G_1\,x\,y)\hat{\ }(G_2\,x\,y) : a$

$F^{(3)} \leftarrow \hat\lambda x':a.\,\hat\lambda y':a.\,c\hat{\ }(F_1\hat{\ }y')\hat{\ }(F_2\hat{\ }x') \qquad \xi_3^{(3)}:\ \Gamma;\cdot \vdash c\hat{\ }(F_1\hat{\ }y)\hat{\ }(F_2\hat{\ }x) = c\hat{\ }(G_1\,x\,y)\hat{\ }(G_2\,x\,y) : a$

$F^{(4)} \leftarrow \hat\lambda x':a.\,\hat\lambda y':a.\,c\hat{\ }F_1\hat{\ }(F_2\hat{\ }x'\hat{\ }y') \qquad \xi_3^{(4)}:\ \Gamma;\cdot \vdash c\hat{\ }F_1\hat{\ }(F_2\hat{\ }x\hat{\ }y) = c\hat{\ }(G_1\,x\,y)\hat{\ }(G_2\,x\,y) : a$

The logical variables $F_1$ and $F_2$ appearing in the instantiating terms for $F$ are produced by the variable raising judgment in rule fri_lapp. They contribute to the variable pools $\Phi_3^{(i)}$ of the equations $\xi_3^{(i)}$ with types $(F_1 : a \multimap a \multimap a,\ F_2 : a)$, $(F_1 : a \multimap a,\ F_2 : a \multimap a)$, $(F_1 : a \multimap a,\ F_2 : a \multimap a)$ and $(F_1 : a,\ F_2 : a \multimap a \multimap a)$, respectively.

Each of the $\xi_3^{(i)}$ is a rigid-rigid equation with the constant $c$ as its head. It is therefore processed by rule pu_rr_con. Two uses of rule pu_lapp followed by rule pu_nil produce the following four sets of flex-flex residual equations:

$\Xi_3^{(1)} = (\Gamma;\cdot \vdash F_1\hat{\ }x\hat{\ }y = G_1\,x\,y : a,\quad \Gamma;\cdot \vdash F_2 = G_2\,x\,y : a)$

$\Xi_3^{(2)} = (\Gamma;\cdot \vdash F_1\hat{\ }x = G_1\,x\,y : a,\quad \Gamma;\cdot \vdash F_2\hat{\ }y = G_2\,x\,y : a)$

$\Xi_3^{(3)} = (\Gamma;\cdot \vdash F_1\hat{\ }y = G_1\,x\,y : a,\quad \Gamma;\cdot \vdash F_2\hat{\ }x = G_2\,x\,y : a)$

$\Xi_3^{(4)} = (\Gamma;\cdot \vdash F_1 = G_1\,x\,y : a,\quad \Gamma;\cdot \vdash F_2\hat{\ }x\hat{\ }y = G_2\,x\,y : a)$

Each of these situations triggers the application of rule pu_ff and the pre-unification procedure terminates, returning the above instantiating terms for $F$ and the residual flex-flex equation systems as constraints. At this point, our algorithm stops.

Notice that, in this specific case (we are dealing with pattern equations, see Section 4.2), the residual equation systems could be further simplified, obtaining the following solutions for $G_1$ and $G_2$, which, together with the corresponding instantiation for $F$, constitute four solutions for the original equation $\xi_3$.

$G_1^{(1)} \leftarrow \lambda x':a.\,\lambda y':a.\,F_1\hat{\ }x'\hat{\ }y' \qquad G_2^{(1)} \leftarrow \lambda x':a.\,\lambda y':a.\,F_2$

$G_1^{(2)} \leftarrow \lambda x':a.\,\lambda y':a.\,F_1\hat{\ }x' \qquad G_2^{(2)} \leftarrow \lambda x':a.\,\lambda y':a.\,F_2\hat{\ }y'$

$G_1^{(3)} \leftarrow \lambda x':a.\,\lambda y':a.\,F_1\hat{\ }y' \qquad G_2^{(3)} \leftarrow \lambda x':a.\,\lambda y':a.\,F_2\hat{\ }x'$

$G_1^{(4)} \leftarrow \lambda x':a.\,\lambda y':a.\,F_1 \qquad G_2^{(4)} \leftarrow \lambda x':a.\,\lambda y':a.\,F_2\hat{\ }x'\hat{\ }y'$

The variables $F_1$ and $F_2$ can be instantiated with any term of the appropriate type, assuming that such terms can be constructed. Observe that this cannot be achieved with the constant $c$ alone.

Example 4: As our next example, we consider the equation $\xi_4$, written in the syntax of $\lambda^{\to\multimap\&\top}$ ($S^{\to\multimap\&\top}$ in parentheses):

$\cdot; x:a \vdash \mathrm{FST}\,(F\hat{\ }x) = f\hat{\ }x : a \qquad (\cdot; x:a \vdash F\cdot x\hat{;}\pi_1\,\mathrm{NIL} = f\cdot x\hat{;}\mathrm{NIL} : a)$

where $F$ has type $a \multimap (a \,\&\, a)$ in the pool $\Phi_4$ and the current signature is $\Sigma_4 = (f : a \multimap a)$. We have one solution, obtained by imitation:

$F \leftarrow \hat\lambda x':a.\,\langle f\hat{\ }(F_1\hat{\ }x'),\ F_2\hat{\ }x'\rangle \qquad (F \leftarrow \hat\lambda x':a.\,\langle f\cdot(F_1\cdot x'\hat{;}\mathrm{NIL})\hat{;}\mathrm{NIL},\ F_2\cdot x'\hat{;}\mathrm{NIL}\rangle)$

The logical variables $F_1$ and $F_2$, both of type $a \multimap a$, have again been introduced by the raising procedure. The origin of the first is in rule fri_lapp, while the second is a by-product of the application of rule fri_pair1. Since $x'$ is a linear parameter, it must occur linearly in both subexpressions of the additive pairing construct. The fact that $x'$ is an argument to $F_1$ and $F_2$ ensures that it will be used linearly by any instantiating term for these variables.

Substituting the above term for $F$ and performing weak head-normalization yields the following rigid-rigid equation $\xi_4'$:

$\cdot; x:a \vdash f\hat{\ }(F_1\hat{\ }x) = f\hat{\ }x : a$

which, after applying rules pu_rr_con, pu_lapp and pu_nil, reduces to an equation similar to the one analyzed in our second example above. The overall substitution is

$F_1 \leftarrow \hat\lambda x':a.\,x', \qquad F \leftarrow \hat\lambda x':a.\,\langle f\hat{\ }x',\ F_2\hat{\ }x'\rangle$

and no flex-flex equation is produced.

Example 5: The next example is intended to demonstrate how complex a situation can be when logical variables have functional parameters. The signature $\Sigma_5$ of this simple instance is $(c : a,\ f : a \to a)$. We have also the variable pool $\Phi_5 = (F : (a \to a) \multimap a)$. The equation $\xi_5$ is the following:

$\cdot;\cdot \vdash F\hat{\ }(\lambda y:a.\,f\,y) = f\,c : a$

The use of imitation produces the following substitution for $F$ and equation $\xi_5'$, where we have made an implicit use of rule pu_redex_l followed by pu_rr_con, pu_iapp and pu_nil:

$F^{(1)} \leftarrow \hat\lambda x:a \to a.\,f\,(F_1\hat{\ }(\lambda z:a.\,x\,z)) \qquad \xi_5':\ \cdot;\cdot \vdash F_1\hat{\ }(\lambda y:a.\,f\,y) = c : a$

where $F_1$ has type $(a \to a) \multimap a$. Imitation cannot be applied to $\xi_5'$ because $c$ does not accept arguments, while the linear argument of $F_1$ must be consumed somehow. Projection yields the following substitution-equation pair (after simplification):

$F_1 \leftarrow \hat\lambda x:a \to a.\,x\,F_1' \qquad \cdot;\cdot \vdash f\,F_1' = c : a$

where the type of $F_1'$ is $a$. The equation on the right-hand side is clearly not solvable, and indeed no rule can be applied to further reduce it. We must backtrack to our original equation $\xi_5$.

We are therefore left to attempting projection, which yields the following instantiating term for $F$ that, after substitution and weak head-normalization, gives rise to the equation $\xi_5''$ on the right-hand side:

$F^{(2)} \leftarrow \hat\lambda x:a \to a.\,x\,F_2 \qquad \xi_5'':\ \cdot;\cdot \vdash f\,F_2 = f\,c : a$

Again, $F_2$ derives from variable raising in rule fri_iapp. $\xi_5''$ is a rigid-rigid equation: the application of rules pu_rr_con, pu_iapp and pu_nil reduces it to the flex-rigid (first-order) equation

$\cdot;\cdot \vdash F_2 = c : a$

with the obvious solution

$F_2 \leftarrow c$

obtained by imitation. The solution returned by our pre-unification algorithm is therefore, after composing these two substitutions,

$F_2 \leftarrow c, \qquad F \leftarrow \hat\lambda x:a \to a.\,x\,c.$

Notice that $F_2$ is not mentioned anywhere and could therefore be dropped. No residual flex-flex equation is produced.

Example 6: As our final example, consider the flex-flex equation $\xi_6$

$x:a, y:a;\cdot \vdash F_1\hat{\ }x = F_2\hat{\ }y : a$

in some signature $\Sigma_6$ and with respect to the variable pool $\Phi_6 = (F_1 : a \multimap a,\ F_2 : a \multimap a)$. Our pre-unification algorithm returns this equation untouched as a constraint by means of rule pu_ff.

Since it is a flex-flex equation, $\xi_6$ has the solution

$F_1 \leftarrow \hat\lambda x':a.\,G\hat{\ }\langle\rangle, \qquad F_2 \leftarrow \hat\lambda x':a.\,G\hat{\ }\langle\rangle$

where $G$ is a new logical variable of type $\top \multimap a$. The relevance of this substitution as a solution for $\xi_6$ depends on the specific application: it is an open solution in the sense that it mentions logical variables ($G$ in this case). The existence of ground or closed solutions that do not mention any logical variables depends on whether $\Sigma_6$ is equipped with constants permitting the construction of at least one (ground) term of the appropriate type, $\top \multimap a$ in our case.
3.4 Soundness and Completeness

The procedure we just described is not guaranteed to terminate for generic equation systems, since flex-rigid steps can produce arbitrarily complex new equations. However, it is sound in the sense that if a unifier or pre-unifier is returned, the system is solvable (where free variables are allowed in the second case). It is also non-deterministically complete, i.e., every solution to the original system is an instance of a unifier or pre-unifier which can be found with our procedure.

We  dedicate  this  section  to  proving  these  properties.  The  relatively  straightforward  proof  of  soundness 
can  be  found  in  Section  3.4.1.  Proving  completeness  is  much  more  involved  since  it  requires  gaining  a 
deep  understanding  of  the  auxiliary  judgments  defined  in  Figures  9-10.  We  first  give  some  definitions 
that  will  be  needed  for  this  proof  in  Section  3.4.2,  and  then  prove  the  completeness  theorem  itself  and  a 
number  of  auxiliary  lemmas  in  Section  3.4.3. 

3.4.1  Soundness 

Proving  the  soundness  of  our  linear  pre-unification  algorithm  is  particularly  simple  since  we  do  not  need 
to  deal  with  the  intricacies  of  instantiating-term  formation.  The  proof  that  it  returns  a  solution  when 
the  original  system  is  indeed  solvable  proceeds  by  a  simple  induction. 

Theorem 3.2 (Soundness of linear pre-unification)

If $\mathcal{X} :: \Xi \setminus \Xi_{ff}, \Theta$ and there is a substitution $\Theta_{ff}$ such that the multiset of equality judgments $[\Theta_{ff}]\Xi_{ff}$ has a derivation $\mathcal{E}$, then $[\Theta_{ff} \circ \Theta]\Xi$ is derivable.

Proof. 

We proceed by induction on the structure of $\mathcal{X}$. The last rule applied in $\mathcal{X}$ can belong to one of the following four categories.

Simplification rules: We group under this category any rule that does not directly involve logical variables. More specifically, we have all the inference rules in the 'term traversal', 'spine traversal' and 'rigid-rigid' segments of Figure 8. These cases are handled trivially since there is a perfect match between these rules and the corresponding equality rules.

As an example, we will carry out the case concerning rule pu_rr_lvar.

Let $\xi = (\Gamma;\Delta, x:A \vdash x\cdot S_1 = x\cdot S_2 : a)$ and $\xi' = (\Gamma;\Delta \vdash S_1 = S_2 : A > a)$. Then, $\mathcal{X}$ ends in an application of rule pu_rr_lvar to a subderivation $\mathcal{X}'$, where $\Xi = \Xi',\xi$ and there is a substitution $\Theta_{ff}$ such that $\mathcal{E} :: [\Theta_{ff}]\Xi_{ff}$.

By the induction hypothesis, the multiset of equality judgments $[\Theta_{ff} \circ \Theta](\Xi',\xi')$ has a derivation $\mathcal{E}'$. In particular, $\mathcal{E}'$ contains a derivation of $[\Theta_{ff} \circ \Theta]\xi'$, i.e. of

$\Gamma;\Delta \vdash [\Theta_{ff} \circ \Theta]S_1 = [\Theta_{ff} \circ \Theta]S_2 : A > a$

by definition of substitution application. Then, by rule Seq_lvar, there is a derivation of

$\Gamma;\Delta, x:A \vdash [\Theta_{ff} \circ \Theta](x\cdot S_1) = [\Theta_{ff} \circ \Theta](x\cdot S_2) : a$

i.e. of $[\Theta_{ff} \circ \Theta]\xi$, that together with the remaining elements of $\mathcal{E}'$ constitutes the desired multiset of derivations for $[\Theta_{ff} \circ \Theta](\Xi',\xi)$.

Rigid-flex rule: We use this label to indicate rule pu_rf. We prove this case by relying on the fact that the equality judgment admits symmetry (Lemma 2.19).

Let $h$ be a constant or a parameter, $\xi = (\Gamma;\Delta \vdash h\cdot S_1 = F\cdot S_2 : a)$ and $\xi' = (\Gamma;\Delta \vdash F\cdot S_2 = h\cdot S_1 : a)$. Then, $\mathcal{X}$ ends in an application of rule pu_rf to a subderivation $\mathcal{X}'$, where $\Xi = \Xi',\xi$.

By the induction hypothesis, there is an equality derivation of $[\Theta_{ff} \circ \Theta](\Xi',\xi')$, which contains a derivation of $[\Theta_{ff} \circ \Theta]\xi'$. Since by Lemma 2.19 equality is symmetric, there is a derivation of

$\Gamma;\Delta \vdash [\Theta_{ff} \circ \Theta](h\cdot S_1) = [\Theta_{ff} \circ \Theta](F\cdot S_2) : a$

and this concludes this part of the proof.

Flex-rigid rules: We consider here the flex-rigid family of rules from Figure 8. We will exemplify the treatment of this class by considering rule pu_fr_imit.

Let $\xi = (\Gamma;\Delta \vdash F\cdot S_1 = c\cdot S_2 : a)$. Then, $\mathcal{X}$ ends in an application of rule pu_fr_imit with conclusion $\Xi',\xi \setminus \Xi_{ff}, (\Theta' \circ V/F)$, where $\Xi = \Xi',\xi$ and $\Theta = \Theta' \circ V/F$.

By the induction hypothesis, there is an equality derivation $\mathcal{E}'$ of $[\Theta_{ff} \circ \Theta']([V/F]\Xi)$. By definition of substitution composition, this expression rewrites to $[(\Theta_{ff} \circ \Theta') \circ V/F]\Xi$. Since substitution composition is associative, this is equivalent to $[\Theta_{ff} \circ (\Theta' \circ V/F)]\Xi$, and this concludes this case of the proof.

Success rule: The one remaining possibility as the last inference of $\mathcal{X}$ is rule pu_ff. $\mathcal{X}$ then consists of this rule alone, with $\Xi = \Xi_{ff}$ and $\Theta = \cdot$.

By assumption, we know that $\mathcal{E} :: [\Theta_{ff}]\Xi_{ff}$. Then, by a well-known property of substitutions, we have also that $\mathcal{E} :: [\Theta_{ff} \circ \cdot]\Xi_{ff}$, which is what we had to prove. $\square$


It  is  not  difficult  to  generalize  this  procedure  to  full  unification  (as,  for  example,  in  [SG89]),  although 
we  fail  to  see  its  practical  value. 

3.4.2  Preliminary  Definitions  for  the  Completeness  Theorem 

In  this  section,  we  have  grouped  several  definitions  and  minor  properties  we  will  rely  on  in  the  proof 
of  the  completeness  theorem.  We  need  approximate  forms  of  typing  and  equality  for  spines,  and  the 
definitions  of  the  orderings  we  will  base  the  inductive  proof  of  the  theorem  on. 

Approximation  of  Spine  Typing 

We observed earlier that the derivability of a spine equality judgment $\Gamma;\Delta \vdash_\Sigma S_1 = S_2 : A > a$ does not imply in general that the typing judgments $\Gamma;\Delta \vdash_\Sigma S_i : A > a$ have derivations, for $i = 1, 2$. However, for this judgment to hold, the structure of the spines $S_i$ cannot be arbitrary. We denote the minimal requirement expressed in the rules for equality in Figure 5 by means of the relation $S \lhd A$, which we read "spine $S$ respects type $A$". It is defined as follows:

$\mathrm{NIL} \lhd a$ always
$\pi_1\,S \lhd A_1 \,\&\, A_2$ if $S \lhd A_1$
$\pi_2\,S \lhd A_1 \,\&\, A_2$ if $S \lhd A_2$
$U\hat{;}S \lhd A_1 \multimap A_2$ if $S \lhd A_2$
$U;S \lhd A_1 \to A_2$ if $S \lhd A_2$

It is easy to prove that if $\Gamma;\Delta \vdash_\Sigma S_1 = S_2 : A > a$ is derivable, then $S_i \lhd A$ holds, for $i = 1, 2$, according to the above definition. We will use this notion when dealing with equations as an approximation of typing, and when the spine at hand contains logical variables and is therefore not typable in the given signature. Similar definitions can be made for terms, but we will not need them.


Approximation  of  Spine  Equality 

In the auxiliary lemmas to the completeness theorem, we will often need to assume the existence of different stages of instantiation of the same spine. Relying on equality judgments for this purpose is feasible, but results in obscure statements. Instead, we capture the minimal compatibility requirements for two spines $S_1$ and $S_2$ to have a common instance by means of the relation $S_1 \approx S_2$, defined as follows:

$\mathrm{NIL} \approx \mathrm{NIL}$ always
$\pi_1\,S_1 \approx \pi_1\,S_2$ if $S_1 \approx S_2$
$\pi_2\,S_1 \approx \pi_2\,S_2$ if $S_1 \approx S_2$
$U_1\hat{;}S_1 \approx U_2\hat{;}S_2$ if $S_1 \approx S_2$
$U_1;S_1 \approx U_2;S_2$ if $S_1 \approx S_2$

It is easy to prove that whenever the judgment $\Gamma;\Delta \vdash_\Sigma S_1 = S_2 : A > a$ is derivable, then $S_1 \approx S_2$ holds. Notice also that, if $S_1 \approx S_2$, then there is a type $A$ such that $S_1 \lhd A$ and $S_2 \lhd A$ hold. The opposite entailment fails because of the presence of product types.


Relative  Heads 


Next, we wish to identify the head of a canonical term $U$ with respect to a spine $S$, where both might contain logical variables. In the simply typed $\lambda$-calculus $\lambda^\to$, an accompanying spine would be unnecessary since every term has exactly one head. In $\lambda^{\to\multimap\&\top}$ the presence of pairs complicates this situation. We rely on a spine to locate the head we are interested in among the many the term at hand might contain. The head of $U$ relative to $S$, written $H_S(U)$, is defined as follows:

$H_{\mathrm{NIL}}(x\cdot S) = x$
$H_{\mathrm{NIL}}(c\cdot S) = c$
$H_{\mathrm{NIL}}(F\cdot S) = F$
$H_{\pi_1 S}(\langle U_1, U_2\rangle) = H_S(U_1)$
$H_{\pi_2 S}(\langle U_1, U_2\rangle) = H_S(U_2)$
$H_{V\hat{;}S}(\hat\lambda x:A.\,U) = H_S(U)$
$H_{V;S}(\lambda x:A.\,U) = H_S(U)$

Notice that this function is partial: it is undefined in the situations not listed in this definition. In particular, our assumption that $U$ is in canonical form is essential since we did not provide a case for redices. However, it is easy to prove that whenever $U$ has some type $A$ and there is a derivation of $\Gamma;\Delta \vdash_\Sigma S : A > a$ for some contexts $\Gamma$, $\Delta$ and base type $a$, then $H_S(U)$ is defined.

In the following, we will rely on a simple property of this notion:

Lemma 3.3 (Relative heads)

i. If $H_S(U) = c$, then $\mathrm{Can}(U\cdot S) = c\cdot S'$ for some spine $S'$;

ii. If $H_S(U) = F$, then $\mathrm{Can}(U\cdot S) = F\cdot S'$ for some spine $S'$.

Proof.

By induction on the structure of $U$ and $S$. An auxiliary induction on the reduction sequence is needed to cope with functional objects. $\square$

A similar property does not hold for parameters, since $\beta$-reduction can change a bound parameter in $U$ to an arbitrary term.

Instantiating-Term  Ordering 

We conclude this section with the definition of the two ordering relations we will use to carry on the inductive argument in the proof of the completeness theorem. The first of these orderings, denoted $\mathit{Us} \sqsubset \mathit{Vs}$, where $\mathit{Us}$ and $\mathit{Vs}$ are multisets of terms, specifies that $\mathit{Us}$ differs from $\mathit{Vs}$ only by the fact that some terms in $\mathit{Us}$ are subterms of a term $V$ in $\mathit{Vs}$, abstracting from the presence of constructors.

An example will help gain some intuition about this notion. We want for instance that

$(\lambda x:a.\,\lambda y:a.\,x,\ \lambda x:a.\,\lambda y:a.\,y) \sqsubset \lambda x:a.\,\lambda y:a.\,c\,x\,y$

since both $x$ and $y$ are subterms of $c\,x\,y$. It will be useful to express this example according to the syntax of $S^{\to\multimap\&\top}$:

$(\lambda x:a.\,\lambda y:a.\,x\cdot\mathrm{NIL},\ \lambda x:a.\,\lambda y:a.\,y\cdot\mathrm{NIL}) \sqsubset \lambda x:a.\,\lambda y:a.\,c\cdot(x\cdot\mathrm{NIL});(y\cdot\mathrm{NIL});\mathrm{NIL}.$

In the proof of the completeness theorem, $\mathit{Us}$ and $\mathit{Vs}$ will be the images of two substitutions. The former will have to be shown smaller than the latter in order to apply the induction hypothesis.

We define the $\sqsubset$ relation in stages on different entities, but take the liberty to overload this symbol as well as the auxiliary $\sqsubseteq$. The distinction should be clear from the context. We have the following definition:

$U =_{\mathit{raise}} V$: We write $U =_{\mathit{raise}} V$ to denote the fact that two terms $U$ and $V$ differ only by the presence of leading abstractions in $U$. $V$ will always be a root. This relation is formally defined as follows.

$U =_{\mathit{raise}} U$
$\hat\lambda x:A.\,U =_{\mathit{raise}} V$ if $U =_{\mathit{raise}} V$
$\lambda x:A.\,U =_{\mathit{raise}} V$ if $U =_{\mathit{raise}} V$

In the example above, we have that

$\lambda x:a.\,\lambda y:a.\,x\cdot\mathrm{NIL} =_{\mathit{raise}} x\cdot\mathrm{NIL}$ and $\lambda x:a.\,\lambda y:a.\,y\cdot\mathrm{NIL} =_{\mathit{raise}} y\cdot\mathrm{NIL},$

i.e. $\lambda x:a.\,\lambda y:a.\,x =_{\mathit{raise}} x$ and $\lambda x:a.\,\lambda y:a.\,y =_{\mathit{raise}} y.$


$\mathit{Us} \sqsubseteq V$: We recursively extend the above relation so that its right-hand side operates on terms of arbitrary type, and not just on roots, and its left-hand side is a multiset of terms.

$\cdot \sqsubseteq \langle\rangle$ always
$U \sqsubseteq H\cdot S$ if $U =_{\mathit{raise}} H\cdot S$
$\mathit{Us} \sqsubseteq \langle V_1, V_2\rangle$ if $\mathit{Us} = (\mathit{Us}_1, \mathit{Us}_2)$, $\mathit{Us}_1 \sqsubseteq V_1$ and $\mathit{Us}_2 \sqsubseteq V_2$
$\mathit{Us} \sqsubseteq \hat\lambda x:A.\,V$ if $\mathit{Us} \sqsubseteq V$
$\mathit{Us} \sqsubseteq \lambda x:A.\,V$ if $\mathit{Us} \sqsubseteq V$

In the previous example, the first of these specifications allows us to conclude that

$\lambda x:a.\,\lambda y:a.\,x\cdot\mathrm{NIL} \sqsubseteq x\cdot\mathrm{NIL}$ and $\lambda x:a.\,\lambda y:a.\,y\cdot\mathrm{NIL} \sqsubseteq y\cdot\mathrm{NIL}.$
$\mathit{Us} \sqsubseteq S$: We extend the above relation so that it matches all the arguments of a spine with a given multiset of terms.

$\cdot \sqsubseteq \mathrm{NIL}$ always
$\mathit{Us} \sqsubseteq \pi_1\,S$ if $\mathit{Us} \sqsubseteq S$
$\mathit{Us} \sqsubseteq \pi_2\,S$ if $\mathit{Us} \sqsubseteq S$
$\mathit{Us} \sqsubseteq V\hat{;}S$ if $\mathit{Us} = (\mathit{Us}', \mathit{Us}'')$, $\mathit{Us}' \sqsubseteq V$ and $\mathit{Us}'' \sqsubseteq S$
$\mathit{Us} \sqsubseteq V;S$ if $\mathit{Us} = (\mathit{Us}', \mathit{Us}'')$, $\mathit{Us}' \sqsubseteq V$ and $\mathit{Us}'' \sqsubseteq S$

With respect to our current example, we have that

$(\lambda x:a.\,\lambda y:a.\,x\cdot\mathrm{NIL},\ \lambda x:a.\,\lambda y:a.\,y\cdot\mathrm{NIL}) \sqsubseteq (x\cdot\mathrm{NIL});(y\cdot\mathrm{NIL});\mathrm{NIL}.$

$\mathit{Us} \sqsubset V$: The following definition extends the last relation to roots and inductively to arbitrary terms. Note that while the previous specifications could relate a term to itself, this is not possible here: $\sqsubset$ is strict.

$$\begin{array}{lcl}
\mathit{Us} \sqsubset H\cdot S & & \text{if } \mathit{Us} \sqsubseteq S \\
\mathit{Us} \sqsubset \langle V_1, V_2\rangle & & \text{if } \mathit{Us} = (\mathit{Us}_1, \mathit{Us}_2),\ \mathit{Us}_1 \sqsubset V_1 \text{ and } \mathit{Us}_2 \sqsubseteq V_2,\ \text{or} \\
& & \phantom{\text{if } \mathit{Us} = (\mathit{Us}_1, \mathit{Us}_2),\ } \mathit{Us}_1 \sqsubseteq V_1 \text{ and } \mathit{Us}_2 \sqsubset V_2 \\
\mathit{Us} \sqsubset \lambda x{:}A.\,V & & \text{if } \mathit{Us} \sqsubset V \\
\mathit{Us} \sqsubset \hat\lambda x{:}A.\,V & & \text{if } \mathit{Us} \sqsubset V
\end{array}$$

In relation with our example, we have

$$(\lambda x{:}a.\,\lambda y{:}a.\,x\cdot\mathrm{NIL},\ \lambda x{:}a.\,\lambda y{:}a.\,y\cdot\mathrm{NIL}) \sqsubset \lambda x{:}a.\,\lambda y{:}a.\,c\cdot(x\cdot\mathrm{NIL});(y\cdot\mathrm{NIL});\mathrm{NIL}.$$

$\mathit{Us} \sqsubset \mathit{Vs}$: Finally, we extend this relation so that the right-hand side is a multiset of terms.

$$\begin{array}{lcl}
\mathit{Us}', \mathit{Us}'' \sqsubset V, \mathit{Us}'' & & \text{if } \mathit{Us}' \sqsubset V
\end{array}$$

This definition allows us to complete the example presented at the beginning of the discussion. It is trivially obtained from our last relation by taking $\mathit{Us}''$ to be the empty multiset.

The ordering we will rely on in the proof of the completeness theorem is $\mathit{Us} \sqsubset \mathit{Vs}$. In order to do so, we must show that it is not possible to construct an infinite descending $\sqsubset$-chain at any multiset $\mathit{Us}$.

Lemma 3.4 (Well-foundedness of $\sqsubset$)

$\mathit{Us} \sqsubset \mathit{Vs}$ is a well-founded ordering.

Proof.

After proper generalization to take into account the several involved relations, this very simple proof proceeds by induction over the above definition. □


Derivation  Ordering 

The second ordering relation we need is among multisets of equality derivations obtained by applying a substitution to an equation system. Given systems $\Xi_i$, substitutions $\Theta_i$ and multiset derivations $\mathcal{E}_i$ of $[\Theta_i]\Xi_i$, for $i = 1, 2$, we indicate this relation as $(\Xi_1, \Theta_1, \mathcal{E}_1) \prec (\Xi_2, \Theta_2, \mathcal{E}_2)$. It is a variant of the usual multiset ordering constructed over the notion of subderivation.

We have the following formal definition: $(\Xi_1, \Theta_1, \mathcal{E}_1) \prec (\Xi_2, \Theta_2, \mathcal{E}_2)$ holds if and only if $\mathcal{E}_1 :: [\Theta_1]\Xi_1$, $\mathcal{E}_2 :: [\Theta_2]\Xi_2$, and any one of the following cases applies:

• $\mathcal{E}_1$ is a submultiset of $\mathcal{E}_2$.

• $\Xi_1 = \Xi_1', \Xi_1''$, where $\mathcal{E}_1' :: [\Theta_1]\Xi_1'$, $\mathcal{E}_1'' :: [\Theta_1]\Xi_1''$ and $\mathcal{E}_1 = \mathcal{E}_1', \mathcal{E}_1''$;
$\Xi_2 = \Xi_2', \Xi_2''$, where $\mathcal{E}_2' :: [\Theta_2]\Xi_2'$, $\mathcal{E}_2'' :: [\Theta_2]\Xi_2''$ and $\mathcal{E}_2 = \mathcal{E}_2', \mathcal{E}_2''$;
each $E$ in $\mathcal{E}_1'$ is a subderivation of $\mathcal{E}_2'$, and
$(\Xi_1'', \Theta_1, \mathcal{E}_1'') \prec (\Xi_2'', \Theta_2, \mathcal{E}_2'')$.

• $\Xi_1 = \xi_1, \Xi_1'$, where $E_1 :: [\Theta_1]\xi_1$, $\xi_1 = (\Gamma;\Delta \vdash F\cdot S = h\cdot S' : a)$, $\mathcal{E}_1' :: [\Theta_1]\Xi_1'$ and $\mathcal{E}_1 = E_1, \mathcal{E}_1'$;
$\Xi_2 = \xi_2, \Xi_2'$, where $E_2 :: [\Theta_2]\xi_2$, $\xi_2 = (\Gamma;\Delta \vdash h\cdot S' = F\cdot S : a)$, $\mathcal{E}_2' :: [\Theta_2]\Xi_2'$ and $\mathcal{E}_2 = E_2, \mathcal{E}_2'$;
$h$ is a rigid head, and
$(\Xi_1', \Theta_1, \mathcal{E}_1') \prec (\Xi_2', \Theta_2, \mathcal{E}_2')$.

• $\Xi_1 = \xi_1, \Xi_1'$, where $E_1 :: [\Theta_1]\xi_1$, $\xi_1 = (\Gamma;\Delta \vdash \overline{U\cdot S} = V\cdot S' : a)$, $\mathcal{E}_1' :: [\Theta_1]\Xi_1'$ and $\mathcal{E}_1 = E_1, \mathcal{E}_1'$;
$\Xi_2 = \xi_2, \Xi_2'$, where $E_2 :: [\Theta_2]\xi_2$, $\xi_2 = (\Gamma;\Delta \vdash U\cdot S = V\cdot S' : a)$, $\mathcal{E}_2' :: [\Theta_2]\Xi_2'$ and $\mathcal{E}_2 = E_2, \mathcal{E}_2'$;
$(\Xi_1', \Theta_1, \mathcal{E}_1') \prec (\Xi_2', \Theta_2, \mathcal{E}_2')$.

• $\Xi_1 = \xi_1, \Xi_1'$, where $E_1 :: [\Theta_1]\xi_1$, $\xi_1 = (\Gamma;\Delta \vdash V\cdot S' = \overline{U\cdot S} : a)$, $\mathcal{E}_1' :: [\Theta_1]\Xi_1'$ and $\mathcal{E}_1 = E_1, \mathcal{E}_1'$;
$\Xi_2 = \xi_2, \Xi_2'$, where $E_2 :: [\Theta_2]\xi_2$, $\xi_2 = (\Gamma;\Delta \vdash V\cdot S' = U\cdot S : a)$, $\mathcal{E}_2' :: [\Theta_2]\Xi_2'$ and $\mathcal{E}_2 = E_2, \mathcal{E}_2'$;
$(\Xi_1', \Theta_1, \mathcal{E}_1') \prec (\Xi_2', \Theta_2, \mathcal{E}_2')$.

The first two points of this definition correspond to the usual concept of multiset ordering, relative to the notion of subderivation. The third point specifies, roughly, that a flex-rigid equation is to be considered smaller than the symmetric rigid-flex equation. We interpret the last two points as indicating that weak head-reducing one of the sides of an equation yields a smaller equation.

This ordering is well-founded and therefore it is possible to base an inductive proof on it.

Lemma 3.5 (Well-foundedness of $\prec$)

$\prec$ is a well-founded ordering.

Proof.

This simple proof proceeds by induction on the above definition. □


3.4.3  Non-Deterministic  Completeness 

On  the  basis  of  the  definitions  given  in  the  previous  section,  we  will  now  state  and  prove  that  our  pre- 
unification  algorithm  is  non-deterministically  complete  with  respect  to  the  notion  of  equality  discussed 
in  Section  2.4.  This  task  is  not  easy  since  we  need  to  formulate  proper  lemmas  for  each  of  the  judgments 
that  are  involved  in  the  construction  of  an  instantiating  term  for  a  logical  variable.  There  are  six  such 
judgments  and  therefore  we  will  need  six  auxiliary  lemmas,  each  stated  in  a  far  more  general  form  than 
necessary  at  the  point  where  they  are  used. 

Prior to doing so, we will need the following technical result according to which all logical variables appearing in an instantiating term $U$ for a logical variable $F$ are "new", i.e. different from every variable appearing in the equation system $\Xi$ at hand or in the substitution constructed so far. For the sake of conciseness, our formalization does not keep an accurate account of the logical variables in use; it is straightforward to augment it with this information, but then tedious to carry around. Therefore, we will rely on the informal notion of "new" variable we just introduced.

Assumption 3.6 (Freshness of substitution terms)

i. If $\Gamma;\Delta \vdash a \Rightarrow S, A$, then every logical variable in $S$ is "new";

ii. If $\Gamma;\Delta \vdash A \Rightarrow V$, then every logical variable in $V$ is "new";

iii. If $\Gamma;\Delta \vdash A \downarrow \tilde S \Rightarrow S$ or $\Gamma;\Delta \vdash A \downarrow a \Rightarrow S$, then every logical variable occurring in $S$ is "new";

iv. If $\Gamma;\Delta \vdash c\cdot\tilde S / A \downarrow S \Rightarrow V$ or $\Gamma;\Delta \vdash A \downarrow S \Rightarrow V$, then every logical variable occurring in $V$ is "new". □

The  validity  of  this  fact  is  easily  ascertained  by  inspection  of  the  rules  in  Figures  9  and  10. 

We start with the following lemma that characterizes the behavior of the spine variable raising judgment $\Gamma;\Delta \vdash a \Rightarrow S, A$ defined in Figure 10. In its general form, it states that every well-typed term can be obtained from a redex whose spine part can be produced by means of that judgment and whose head is in the $=_{\mathrm{raise}}$ relation with the original term.

Lemma 3.7 (Spines in variable raising)

If $\Gamma;\Delta \vdash_\Sigma U : a$ with $U$ canonical, then, for all contexts $\Gamma_1$, $\Gamma_2$, $\Delta_1$ and $\Delta_2$ such that $(\Gamma_1,\Gamma_2);(\Delta_1,\Delta_2) = \Gamma;\Delta$, there exist a type $A$, a canonical term $V$ and a canonical spine $S$ such that

• $\Gamma_1;\Delta_1 \vdash_\Sigma V : A$,

• $\Gamma_2;\Delta_2 \vdash_\Sigma S : A > a$,

• $\Gamma_2;\Delta_2 \vdash a \Rightarrow S, A$,

• $\mathrm{Can}(V\cdot S) = U$,

• $V =_{\mathrm{raise}} U$.

Proof.

Given a partition $(\Gamma_1,\Gamma_2);(\Delta_1,\Delta_2)$ of the context $\Gamma;\Delta$, we proceed by induction on the structure of $\Gamma_2;\Delta_2$. There are three cases to consider:

$\Gamma_2 = \cdot$ and $\Delta_2 = \cdot$: We have therefore that $\Gamma_1;\Delta_1 = \Gamma;\Delta$. Now, simply set $A = a$, $V = U$ and $S = \mathrm{NIL}$. Then,

• $\Gamma;\Delta \vdash_\Sigma U : a$ by assumption,

• $\cdot;\cdot \vdash_\Sigma \mathrm{NIL} : a > a$ by rule lS_nil,

• $\cdot;\cdot \vdash a \Rightarrow \mathrm{NIL}, a$ by rule raise_nil,

• $\mathrm{Can}(U\cdot\mathrm{NIL}) = U$ by rule Sr_nil (notice that $U$ must be a root), and

• $U =_{\mathrm{raise}} U$ by definition of $=_{\mathrm{raise}}$.

This concludes this case of the proof.

$\Delta_2 = \Delta_2', x{:}B$, $\Gamma_2$ arbitrary: By induction hypothesis, there are a type $A'$, a canonical term $V'$ and a canonical spine $S'$ such that

• $\mathcal{U}' :: \Gamma_1;\Delta_1,x{:}B \vdash_\Sigma V' : A'$,

• $\mathcal{S}' :: \Gamma_2;\Delta_2' \vdash_\Sigma S' : A' > a$,

• $\mathcal{R} :: \Gamma_2;\Delta_2' \vdash a \Rightarrow S', A'$,

• $\mathrm{Can}(V'\cdot S') = U$, and

• $V' =_{\mathrm{raise}} U$.

We obtain the desired result by taking $A = B \multimap A'$, $V = \hat\lambda x{:}B.\,V'$ and $S = (x\cdot\mathrm{NIL})\,\hat{;}\,S'$. Clearly, $V$ is canonical, and so is $S$ since both $x\cdot\mathrm{NIL}$ and $S'$ are. Moreover,

• $\Gamma_1;\Delta_1 \vdash_\Sigma \hat\lambda x{:}B.\,V' : B \multimap A'$ by rule lS_llam on $\mathcal{U}'$,

• $\Gamma_2;\Delta_2',x{:}B \vdash_\Sigma (x\cdot\mathrm{NIL})\,\hat{;}\,S' : B \multimap A' > a$ by rule lS_lapp on $\mathcal{S}'$ and a derivation of the judgment $\Gamma_2;x{:}B \vdash_\Sigma x\cdot\mathrm{NIL} : B$, which exists by virtue of Corollary 2.26 and weakening (Lemma 2.1),

• $\Gamma_2;\Delta_2',x{:}B \vdash a \Rightarrow (x\cdot\mathrm{NIL})\,\hat{;}\,S', B \multimap A'$ by rule raise_lapp,

• $\mathrm{Can}((\hat\lambda x{:}B.\,V')\cdot((x\cdot\mathrm{NIL})\,\hat{;}\,S')) = \mathrm{Can}([x\cdot\mathrm{NIL}/x]V' \cdot S') = \mathrm{Can}(V'\cdot S') = U$, where the second step makes use of Corollary 2.28, and

• $\hat\lambda x{:}B.\,V' =_{\mathrm{raise}} U$ since $V' =_{\mathrm{raise}} U$.

$\Gamma_2 = \Gamma_2', x{:}B$, $\Delta_2$ arbitrary: We proceed as in the previous case. □


In the sequel, we will always use the special instance of the previous lemma obtained by choosing $\Gamma_1$ and $\Delta_1$ to be the empty context, as expressed by the following corollary.

Corollary 3.8 (Spines in variable raising)

If $\Gamma;\Delta \vdash_\Sigma U : a$ with $U$ canonical, then there exist a type $A$, a canonical term $V$ and a canonical spine $S$ such that

• $\cdot;\cdot \vdash_\Sigma V : A$,

• $\Gamma;\Delta \vdash_\Sigma S : A > a$,

• $\Gamma;\Delta \vdash a \Rightarrow S, A$,

• $\mathrm{Can}(V\cdot S) = U$,

• $V =_{\mathrm{raise}} U$.

Proof.

A proof of this corollary is obtained from the previous lemma by choosing $\Gamma_1 = \Delta_1 = \cdot$, $\Gamma_2 = \Gamma$ and $\Delta_2 = \Delta$. □

This corollary is used only in the following lemma that highlights aspects of the behavior of the variable raising judgment $\Gamma;\Delta \vdash A \Rightarrow V$, defined in Figure 10. In particular, the substitution $\Theta$ it postulates is only defined on the ("new") variables in the term $V$.

Lemma 3.9 (Variable raising)

If $\Gamma;\Delta \vdash_\Sigma U : A$ with $U$ canonical, then there is a canonical term $V$ and a canonical substitution $\Theta$ such that

• $\Gamma;\Delta \vdash A \Rightarrow V$,

• $\Gamma;\Delta \vdash_\Sigma [\Theta]V = U : A$,

• $\mathrm{Im}(\Theta) \sqsubseteq U$.

Proof.

The proof proceeds by induction on the structure of $A$. We will analyze the most significant cases. Recall that we require the domain of a substitution to be disjoint from its range.

$A = a$: By the previous corollary, there exist a type $B$, a canonical term $U'$ and a canonical spine $S$ such that

• $\cdot;\cdot \vdash_\Sigma U' : B$,

• $\Gamma;\Delta \vdash_\Sigma S : B > a$,

• $\Gamma;\Delta \vdash a \Rightarrow S, B$,

• $\mathrm{Can}(U'\cdot S) = U$,

• $U' =_{\mathrm{raise}} U$.

Let $\Theta = U'/F$ and $V = F\cdot S$. Both $\Theta$ and $V$ are clearly canonical. Then,

• $\Gamma;\Delta \vdash a \Rightarrow F\cdot S$ by rule raise_root.

• $\Gamma;\Delta \vdash_\Sigma [\Theta]V = U : a$ by the completeness of staged equality (Theorem 2.18) since $[\Theta]V = [U'/F](F\cdot S) = U'\cdot S$ and $\mathrm{Can}(U'\cdot S) = U$.

• $\mathrm{Im}(\Theta) \sqsubseteq U$ by definition of $\sqsubseteq$ since $\mathrm{Im}(\Theta) = U'$ and $U' =_{\mathrm{raise}} U$.

$A = \top$: By inversion on the typing rules, we have that $U = \langle\rangle$. Set $\Theta = \cdot$ and $V = \langle\rangle$. Indeed,

• $\Gamma;\Delta \vdash \top \Rightarrow \langle\rangle$ by rule raise_unit.

• $\Gamma;\Delta \vdash_\Sigma \langle\rangle = \langle\rangle : \top$ by rule Seq_unit.

• $\cdot \sqsubseteq \langle\rangle$ by definition of $\sqsubseteq$.

$A = A_1 \& A_2$: Then, by inversion on rule lS_pair, $U = \langle U_1, U_2\rangle$ and, for $i = 1, 2$, $\Gamma;\Delta \vdash_\Sigma U_i : A_i$ is derivable and $U_i$ is canonical. By induction hypothesis, there are canonical terms $V_i$ and canonical substitutions $\Theta_i$ such that

• $\Gamma;\Delta \vdash A_i \Rightarrow V_i$,

• $\Gamma;\Delta \vdash_\Sigma [\Theta_i]V_i = U_i : A_i$, and

• $\mathrm{Im}(\Theta_i) \sqsubseteq U_i$.

By Assumption 3.6, we have that $V_1$ and $V_2$, and therefore $\Theta_1$ and $\Theta_2$, mention distinct logical variables. Thus, we can form the substitution $(\Theta_1, \Theta_2)$ without violating the requirement that the domain and the range of a substitution be disjoint. Moreover, $[\Theta_1,\Theta_2]V_i = [\Theta_i]V_i$ and $\mathrm{Im}(\Theta_1,\Theta_2) = (\mathrm{Im}(\Theta_1), \mathrm{Im}(\Theta_2))$. Then the term $\langle V_1, V_2\rangle$ and the substitution $\Theta_1,\Theta_2$ are canonical, and moreover

• $\Gamma;\Delta \vdash A_1 \& A_2 \Rightarrow \langle V_1, V_2\rangle$ by rule raise_pair.

• $\Gamma;\Delta \vdash_\Sigma [\Theta_1,\Theta_2]\langle V_1, V_2\rangle = \langle U_1, U_2\rangle : A_1 \& A_2$ by rule Seq_pair, since $[\Theta_1,\Theta_2]\langle V_1, V_2\rangle = \langle [\Theta_1,\Theta_2]V_1, [\Theta_1,\Theta_2]V_2\rangle = \langle [\Theta_1]V_1, [\Theta_2]V_2\rangle$.

• $\mathrm{Im}(\Theta_1,\Theta_2) = (\mathrm{Im}(\Theta_1), \mathrm{Im}(\Theta_2)) \sqsubseteq \langle U_1, U_2\rangle$ by definition.

$A = A_1 \multimap A_2$: Then, by inversion, $U = \hat\lambda x{:}A_1.\,U'$ for $U'$ canonical, and $\Gamma;\Delta,x{:}A_1 \vdash_\Sigma U' : A_2$ is derivable. By induction hypothesis, there is a canonical term $V'$ and a canonical substitution $\Theta$ such that

• $\Gamma;\Delta,x{:}A_1 \vdash A_2 \Rightarrow V'$,

• $\Gamma;\Delta,x{:}A_1 \vdash_\Sigma [\Theta]V' = U' : A_2$, and

• $\mathrm{Im}(\Theta) \sqsubseteq U'$.

Then $\hat\lambda x{:}A_1.\,V'$ is canonical and

• $\Gamma;\Delta \vdash A_1 \multimap A_2 \Rightarrow \hat\lambda x{:}A_1.\,V'$ by rule raise_llam.

• $\Gamma;\Delta \vdash_\Sigma [\Theta](\hat\lambda x{:}A_1.\,V') = \hat\lambda x{:}A_1.\,U' : A_1 \multimap A_2$ by rule Seq_llam and definition of substitution application.

• $\mathrm{Im}(\Theta) \sqsubseteq \hat\lambda x{:}A_1.\,U'$ by definition.

$A = A_1 \to A_2$: The proof proceeds similarly to the previous case. □


We will now consider the judgments having the function of building the terms and spines of an instantiating term obtained by projection and imitation. These four judgments were defined in Figure 9 and rely on the variable raising judgments. The corresponding lemmas will use the result we just obtained.

We begin with a characterization of the judgment $\Gamma;\Delta \vdash A \downarrow a \Rightarrow S_0$ that builds the spine $S_0$ of an instantiating term obtained by projection.

Lemma 3.10 (Spines in projection)

If $\mathcal{S} :: \Gamma;\Delta \vdash_\Sigma S : A > a$ for $S$ canonical, then there is a canonical spine $S_0$ and a canonical substitution $\Theta$ such that

• $\Gamma;\Delta \vdash A \downarrow a \Rightarrow S_0$,

• $\Gamma;\Delta \vdash_\Sigma [\Theta]S_0 = S : A > a$,

• $\mathrm{Im}(\Theta) \sqsubseteq S$.


Proof.

This proof proceeds by induction over the structure of the type $A$, or, equivalently, of the derivation $\mathcal{S}$. We have the following cases depending on the last rule applied in $\mathcal{S}$:

lS_nil: Then, by inversion,

$$\mathcal{S} = \dfrac{}{\Gamma;\cdot \vdash_\Sigma \mathrm{NIL} : a > a}\ \mathrm{lS\_nil}$$

with $A = a$, $S = \mathrm{NIL}$ and $\Delta = \cdot$.

Then, take $S_0 = \mathrm{NIL}$ and $\Theta = \cdot$, which are trivially canonical. Thus

• $\Gamma;\cdot \vdash a \downarrow a \Rightarrow \mathrm{NIL}$ by rule frp_nil.

• $\Gamma;\cdot \vdash_\Sigma [\cdot]\mathrm{NIL} = \mathrm{NIL} : a > a$ by rule Seq_nil.

• $\cdot \sqsubseteq \mathrm{NIL}$ by definition of $\sqsubseteq$.

lS_fst: We have that

$$\mathcal{S} = \dfrac{\Gamma;\Delta \vdash_\Sigma S' : A_1 > a}{\Gamma;\Delta \vdash_\Sigma \pi_1 S' : A_1 \& A_2 > a}\ \mathrm{lS\_fst}$$

with $A = A_1 \& A_2$ and $S = \pi_1 S'$ for $S'$ canonical.

By induction hypothesis on $S'$, there is a canonical spine $S_0'$ and a canonical substitution $\Theta$ such that $\Gamma;\Delta \vdash A_1 \downarrow a \Rightarrow S_0'$ and $\Gamma;\Delta \vdash_\Sigma [\Theta]S_0' = S' : A_1 > a$ are derivable, and $\mathrm{Im}(\Theta) \sqsubseteq S'$.

Then,

• $\Gamma;\Delta \vdash A_1 \& A_2 \downarrow a \Rightarrow \pi_1 S_0'$ by rule frp_fst.

• $\Gamma;\Delta \vdash_\Sigma [\Theta](\pi_1 S_0') = \pi_1 S' : A_1 \& A_2 > a$ by rule Seq_fst and the definition of substitution application.

• $\mathrm{Im}(\Theta) \sqsubseteq \pi_1 S'$ by definition.

Observe that $\pi_1 S_0'$ is canonical since $S_0'$ is.

lS_snd: We reason symmetrically.

lS_lapp: By inversion, we have that

$$\mathcal{S} = \dfrac{\begin{array}{cc}\mathcal{U} & \mathcal{S}' \\ \Gamma;\Delta' \vdash_\Sigma U : A_1 & \Gamma;\Delta'' \vdash_\Sigma S' : A_2 > a\end{array}}{\Gamma;\Delta',\Delta'' \vdash_\Sigma U\,\hat{;}\,S' : A_1 \multimap A_2 > a}\ \mathrm{lS\_lapp}$$

where $A = A_1 \multimap A_2$, $S = U\,\hat{;}\,S'$ and $\Delta = \Delta',\Delta''$. Both $U$ and $S'$ are canonical.

By the variable raising lemma 3.9 applied to $U$, there are a canonical term $V$ and a canonical substitution $\Theta'$ such that $\Gamma;\Delta' \vdash A_1 \Rightarrow V$, $\Gamma;\Delta' \vdash_\Sigma [\Theta']V = U : A_1$ and $\mathrm{Im}(\Theta') \sqsubseteq U$.

By induction hypothesis on $S'$, there are a canonical spine $S_0'$ and a canonical substitution $\Theta''$ such that $\Gamma;\Delta'' \vdash A_2 \downarrow a \Rightarrow S_0'$ and $\Gamma;\Delta'' \vdash_\Sigma [\Theta'']S_0' = S' : A_2 > a$ are derivable, and $\mathrm{Im}(\Theta'') \sqsubseteq S'$.

By Assumption 3.6, we have that $V$ and $S_0'$ (or equivalently $\Theta'$ and $\Theta''$) mention distinct logical variables. Therefore, the domain and the range of the substitution $(\Theta',\Theta'')$ are disjoint and, moreover, $([\Theta']V\,\hat{;}\,[\Theta'']S_0') = [\Theta',\Theta''](V\,\hat{;}\,S_0')$ and $\mathrm{Im}(\Theta',\Theta'') = (\mathrm{Im}(\Theta'), \mathrm{Im}(\Theta''))$. Then,

• $\Gamma;\Delta',\Delta'' \vdash A_1 \multimap A_2 \downarrow a \Rightarrow V\,\hat{;}\,S_0'$ by rule frp_lapp.

• $\Gamma;\Delta',\Delta'' \vdash_\Sigma [\Theta']V\,\hat{;}\,[\Theta'']S_0' = U\,\hat{;}\,S' : A_1 \multimap A_2 > a$ by rule Seq_lapp.

• $\mathrm{Im}(\Theta',\Theta'') = (\mathrm{Im}(\Theta'), \mathrm{Im}(\Theta'')) \sqsubseteq U\,\hat{;}\,S'$ by definition.

Moreover, $V\,\hat{;}\,S_0'$ and $(\Theta',\Theta'')$ are canonical.

lS_iapp: This part of the proof is similar to the previous case. □


On the basis of this result, we have the following lemma which describes how an instantiating term $V$ for a logical variable $F$ is obtained. Observe that this property postulates the validity of an instance of the strict relation $\sqsubset$, while the previous lemma made use of the non-strict form $\sqsubseteq$.

Lemma 3.11 (Projection)

If $\mathcal{U} :: \Gamma;\Delta \vdash_\Sigma U : A$ for $U$ canonical, $S \downarrow A$ and $\mathrm{H}_S(U) = x$, then there exist a canonical term $V$ and a canonical substitution $\Theta$ such that

• $\Gamma;\Delta \vdash A \downarrow S \Rightarrow V$,

• $\Gamma;\Delta \vdash_\Sigma [\Theta]V = U : A$,

• $\mathrm{Im}(\Theta) \sqsubset U$.

Proof.

The proof proceeds by induction on the type $A$ and inversion on the structure of $S$.

$S = \mathrm{NIL}$: Then, by definition of $\downarrow$, we have that $A = a$.

By inversion on $\mathcal{U}$, we obtain that $U = H\cdot S'$. Since $U$ is in canonical form and $\mathrm{H}_S(U) = x$, we have that $H = x$. The parameter $x$ can be either linear or intuitionistic: this gives rise to two subcases.

$x{:}B$ in $\Delta$: By inversion on rule lS_lvar, there is a derivation of $\Gamma;\Delta' \vdash_\Sigma S' : B > a$, where $\Delta = \Delta',x{:}B$. By the previous lemma, there are a canonical spine $S_0$ and a canonical substitution $\Theta$ such that $\Gamma;\Delta' \vdash B \downarrow a \Rightarrow S_0$, $\Gamma;\Delta' \vdash_\Sigma [\Theta]S_0 = S' : B > a$ and $\mathrm{Im}(\Theta) \sqsubseteq S'$.

Then, for $V = x\cdot S_0$, which is certainly a canonical term, we can therefore conclude that

• $\Gamma;\Delta',x{:}B \vdash a \downarrow \mathrm{NIL} \Rightarrow x\cdot S_0$ by rule frp_lvar.

• $\Gamma;\Delta',x{:}B \vdash_\Sigma [\Theta](x\cdot S_0) = x\cdot S' : a$ by rule Seq_lvar.

• $\mathrm{Im}(\Theta) \sqsubset x\cdot S'$ by definition.

$x{:}B$ in $\Gamma$: Similar.

$S = \pi_1 S'$: By definition of $\downarrow$, we have that $A = A_1 \& A_2$ and $S' \downarrow A_1$.

By inversion on rule lS_pair, we also have that $U = \langle U_1, U_2\rangle$ and $\mathcal{U}_i :: \Gamma;\Delta \vdash_\Sigma U_i : A_i$, for $i = 1, 2$. Clearly, since $U$ is canonical, so are $U_1$ and $U_2$. Moreover, by definition of relative head, we have that $\mathrm{H}_{S'}(U_1) = x$.

Then, by induction hypothesis on $A_1$, there are a canonical term $V_1$ and a canonical substitution $\Theta_1$ such that $\Gamma;\Delta \vdash A_1 \downarrow S' \Rightarrow V_1$, $\Gamma;\Delta \vdash_\Sigma [\Theta_1]V_1 = U_1 : A_1$ and $\mathrm{Im}(\Theta_1) \sqsubset U_1$.

By the variable raising lemma 3.9 applied to $U_2$, there are a canonical term $V_2$ and a canonical substitution $\Theta_2$ such that $\Gamma;\Delta \vdash A_2 \Rightarrow V_2$, $\Gamma;\Delta \vdash_\Sigma [\Theta_2]V_2 = U_2 : A_2$ and $\mathrm{Im}(\Theta_2) \sqsubseteq U_2$.

By Assumption 3.6, we have that $V_1$ and $V_2$, and consequently $\Theta_1$ and $\Theta_2$, do not have logical variables in common. Therefore, the substitution $(\Theta_1,\Theta_2)$ satisfies our disjointness requirement and, moreover, $[\Theta_1,\Theta_2]V_i = [\Theta_i]V_i$ and $\mathrm{Im}(\Theta_1,\Theta_2) = (\mathrm{Im}(\Theta_1), \mathrm{Im}(\Theta_2))$. A consequence of this fact is that $(\Theta_1,\Theta_2)$ is canonical; $\langle V_1, V_2\rangle$ is canonical as well, since both components are. Moreover,

• $\Gamma;\Delta \vdash A_1 \& A_2 \downarrow \pi_1 S' \Rightarrow \langle V_1, V_2\rangle$ by rule frp_pair1.

• $\Gamma;\Delta \vdash_\Sigma [\Theta_1,\Theta_2]\langle V_1, V_2\rangle = \langle U_1, U_2\rangle : A_1 \& A_2$ by rule Seq_pair.

• $\mathrm{Im}(\Theta_1,\Theta_2) = (\mathrm{Im}(\Theta_1), \mathrm{Im}(\Theta_2)) \sqsubset \langle U_1, U_2\rangle$ since $\mathrm{Im}(\Theta_1) \sqsubset U_1$ and $\mathrm{Im}(\Theta_2) \sqsubseteq U_2$.

$S = \pi_2 S'$: We proceed symmetrically to the previous case.

$S = U'\,\hat{;}\,S'$: We have that $A = A_1 \multimap A_2$ and $S' \downarrow A_2$.

By inversion on rule lS_llam, $U = \hat\lambda x{:}A_1.\,U''$ and $\Gamma;\Delta,x{:}A_1 \vdash_\Sigma U'' : A_2$. Clearly, $U''$ is canonical.

By induction hypothesis on $A_2$, there are a canonical term $V'$ and a canonical substitution $\Theta$ such that $\Gamma;\Delta,x{:}A_1 \vdash A_2 \downarrow S' \Rightarrow V'$, $\Gamma;\Delta,x{:}A_1 \vdash_\Sigma [\Theta]V' = U'' : A_2$ and $\mathrm{Im}(\Theta) \sqsubset U''$. Then, $\hat\lambda x{:}A_1.\,V'$ is canonical and

• $\Gamma;\Delta \vdash A_1 \multimap A_2 \downarrow U'\,\hat{;}\,S' \Rightarrow \hat\lambda x{:}A_1.\,V'$ by rule frp_llam.

• $\Gamma;\Delta \vdash_\Sigma [\Theta](\hat\lambda x{:}A_1.\,V') = \hat\lambda x{:}A_1.\,U'' : A_1 \multimap A_2$ by rule Seq_llam.

• $\mathrm{Im}(\Theta) \sqsubset \hat\lambda x{:}A_1.\,U''$ by definition.

$S = U';S'$: We proceed as in the previous case. □


Similar  results  hold  for  the  imitation  judgments  and  the  same  observations  apply.  The  premisses 
of  the  lemmas  below  are  slightly  more  complicated  than  in  the  case  of  projection  since  the  imitation 
judgments  mention  more  information.  However,  this  does  not  add  complexity  to  the  proofs. 

Lemma 3.12 (Spines in imitation)

If $\mathcal{S} :: \Gamma;\Delta \vdash_\Sigma S : A > a$ for $S$ canonical and $S \sim \tilde S$, then there is a canonical spine $S_0$ and a canonical substitution $\Theta$ such that

• $\Gamma;\Delta \vdash A \downarrow \tilde S \Rightarrow S_0$,

• $\Gamma;\Delta \vdash_\Sigma [\Theta]S_0 = S : A > a$,

• $\mathrm{Im}(\Theta) \sqsubseteq S$.

Proof.

We proceed by induction on the structure of $A$ in very similar fashion to the way we handled the proof of the analogous result in the case of projection (Lemma 3.10). The major difference is manifested by the treatment of the conjunctive cases. We illustrate this point by carrying out the proof in the case $\mathcal{S}$ ends in rule lS_fst.

lS_fst: We have

$$\mathcal{S} = \dfrac{\Gamma;\Delta \vdash_\Sigma S' : A_1 > a}{\Gamma;\Delta \vdash_\Sigma \pi_1 S' : A_1 \& A_2 > a}\ \mathrm{lS\_fst}$$

with $A = A_1 \& A_2$ and $S = \pi_1 S'$ for $S'$ canonical.

Since $S \sim \tilde S$, we have that $\tilde S = \pi_1 \tilde S'$ and $S' \sim \tilde S'$. We can therefore apply the induction hypothesis on $A_1$. We obtain that there are a canonical spine $S_0'$ and a canonical substitution $\Theta$ such that $\Gamma;\Delta \vdash A_1 \downarrow \tilde S' \Rightarrow S_0'$ and $\Gamma;\Delta \vdash_\Sigma [\Theta]S_0' = S' : A_1 > a$ are derivable, and $\mathrm{Im}(\Theta) \sqsubseteq S'$. Then,

• $\Gamma;\Delta \vdash A_1 \& A_2 \downarrow \pi_1 \tilde S' \Rightarrow \pi_1 S_0'$ by rule fri_fst.

• $\Gamma;\Delta \vdash_\Sigma [\Theta](\pi_1 S_0') = \pi_1 S' : A_1 \& A_2 > a$ by rule Seq_fst and the definition of substitution application.

• $\mathrm{Im}(\Theta) \sqsubseteq \pi_1 S'$ by definition.

Clearly, $\pi_1 S_0'$ is canonical. □

The above result is used in the following lemma. It describes the properties of the judgment $\Gamma;\Delta \vdash c\cdot\tilde S / A \downarrow S \Rightarrow V$ which constructs an instantiating term $V$ by imitation. Recall that, by the relative heads lemma 3.3, $\mathrm{H}_S(U) = c$ entails that $\mathrm{Can}(U\cdot S) = c\cdot S^*$ for some canonical spine $S^*$, but the opposite implication does not hold. Therefore we need both premisses in the property below in order to expose $S^*$.
Lemma 3.13 (Imitation)

If $\mathcal{U} :: \Gamma;\Delta \vdash_\Sigma U : A$ for $U$ canonical, $S \downarrow A$, $\mathrm{H}_S(U) = c$ for $c{:}B$ in $\Sigma$, $\mathrm{Can}(U\cdot S) = c\cdot S^*$, and $S^* \sim \tilde S$, then there exist a canonical term $V$ and a canonical substitution $\Theta$ such that

• $\Gamma;\Delta \vdash c\cdot\tilde S / A \downarrow S \Rightarrow V$,

• $\Gamma;\Delta \vdash_\Sigma [\Theta]V = U : A$,

• $\mathrm{Im}(\Theta) \sqsubset U$.

Proof.

This proof is conducted similarly to the case of projection we analyzed in Lemma 3.11, i.e. by induction on the type $A$ and inversion on the structure of $S$. The main difference appears in the base case, i.e. when $S = \mathrm{NIL}$. We will analyze this case only.

$S = \mathrm{NIL}$: By definition of $\downarrow$, we have that $A = a$.

By rule Sr_nil, $\mathrm{Can}(U\cdot\mathrm{NIL}) = U = c\cdot S^*$ for $c{:}B$ in $\Sigma$ and some spine $S^*$ (by inversion, $U$ must be a root). By inversion on rule lS_con, $\mathcal{S}^* :: \Gamma;\Delta \vdash_\Sigma S^* : B > a$ is derivable. Moreover, $S^*$ is canonical.

By the previous lemma applied to $S^*$, there are a canonical spine $S_0$ and a canonical substitution $\Theta$ such that $\Gamma;\Delta \vdash B \downarrow \tilde S \Rightarrow S_0$, $\Gamma;\Delta \vdash_\Sigma [\Theta]S_0 = S^* : B > a$ and $\mathrm{Im}(\Theta) \sqsubseteq S^*$.

We obtain the desired conclusion by the following observations:

• $\Gamma;\Delta \vdash c\cdot\tilde S / a \downarrow \mathrm{NIL} \Rightarrow c\cdot S_0$ by rule fri_con.

• $\Gamma;\Delta \vdash_\Sigma c\cdot[\Theta]S_0 = c\cdot S^* : A$ by rule Seq_con, from which we get $\Gamma;\Delta \vdash_\Sigma c\cdot[\Theta]S_0 = U : A$ by rule Seq_redex_r.

• $\mathrm{Im}(\Theta) \sqsubset c\cdot S^*$ by definition.

Moreover, $c\cdot S_0$ is canonical. □


With the help of the various properties we just proved, we can tackle the proof of the non-deterministic completeness of our linear pre-unification algorithm with respect to the notion of staged equality defined in Figure 5, and therefore, by Theorem 2.18, with respect to definitional equality. This result is expressed in the following theorem.

Theorem 3.14 (Completeness of linear pre-unification)

Given a system of well-typed equations $\Xi$ and a well-typed canonical substitution $\Theta$ such that $\mathcal{E} :: [\Theta]\Xi$, there are substitutions $\Theta_{\mathit{ff}}$ and $\Theta'$, and a system of flex-flex equations $\Xi_{\mathit{ff}}$ such that

• $\Theta = \mathrm{Can}(\Theta_{\mathit{ff}} \circ \Theta')|_{\mathrm{dom}(\Theta)}$,

• $\mathcal{E}_{\mathit{ff}} :: [\Theta_{\mathit{ff}}]\Xi_{\mathit{ff}}$ for some multiset of derivations $\mathcal{E}_{\mathit{ff}}$, and

• $\mathcal{X} :: \Xi \setminus \Xi_{\mathit{ff}}, \Theta'$.

Proof.

We prove this theorem by nested induction on the image of $\Theta$ considered relative to the well-founded ordering $\sqsubset$ and on the triple $(\Xi, \Theta, \mathcal{E})$ relative to the well-founded ordering $\prec$; both orderings were defined in the previous section. Therefore, we allow ourselves to appeal to the induction hypothesis every time we are considering a situation characterized by a system of equations $\Xi'$, a substitution $\Theta'$ and a multiset of derivations $\mathcal{E}'$ such that

1. $\mathrm{Im}(\Theta') \sqsubset \mathrm{Im}(\Theta)$, $\Xi'$ and $\Xi$ are arbitrarily related and so are $\mathcal{E}'$ and $\mathcal{E}$, or

2. $\Theta' = \Theta$, but $(\Xi', \Theta, \mathcal{E}') \prec (\Xi, \Theta, \mathcal{E})$.

We distinguish the following (non-exclusive) cases based on the contents of $\Xi$.




$\Xi_{\mathit{ff}}$: $\Xi$ consists only of flex-flex equations.

Simply take $\Theta_{\mathit{ff}} = \Theta$, $\Theta' = \cdot$ and $\Xi_{\mathit{ff}} = \Xi$. We obtain the desired result as follows:

• $\Theta = \mathrm{Can}(\Theta \circ \cdot)|_{\mathrm{dom}(\Theta)}$ since $\Theta \circ \cdot = \Theta$, $\Theta|_{\mathrm{dom}(\Theta)} = \Theta$ and moreover $\Theta$ has been assumed canonical.

• Use $\mathcal{E}$ as $\mathcal{E}_{\mathit{ff}}$.

• $\Xi \setminus \Xi, \cdot$ by rule pu_ff.

$\Xi = \Xi', \xi$ with $\xi = (\Gamma;\Delta \vdash S_1 = S_2 : A > a)$: $\Xi$ contains a spine equation. We further distinguish cases on the structure of the type $A$. We analyze three representative situations. The remaining cases are handled similarly. Let $E$ be the assumed derivation of $[\Theta]\xi$ and $\mathcal{E}' :: [\Theta]\Xi'$, so that $\mathcal{E} = \mathcal{E}', E$.

$A = a'$: By inversion on rule Seq_nil, we have

$$E = \dfrac{}{\Gamma;\cdot \vdash_\Sigma \mathrm{NIL} = \mathrm{NIL} : a > a}\ \mathrm{Seq\_nil}$$

where $[\Theta]S_1 = [\Theta]S_2 = \mathrm{NIL}$, $a' = a$ and $\Delta = \cdot$.

We can apply the induction hypothesis on $\Xi'$ and $\Theta$ since $\mathcal{E}'$ is a submultiset of $\mathcal{E}$ and therefore $(\Xi', \Theta, \mathcal{E}') \prec (\Xi, \Theta, \mathcal{E})$. Thus, we deduce that there are substitutions $\Theta_{\mathit{ff}}$ and $\Theta'$ and a system of flex-flex equations $\Xi_{\mathit{ff}}$ such that

• $\Theta = \mathrm{Can}(\Theta_{\mathit{ff}} \circ \Theta')|_{\mathrm{dom}(\Theta)}$,

• $\mathcal{E}_{\mathit{ff}} :: [\Theta_{\mathit{ff}}]\Xi_{\mathit{ff}}$ and

• $\mathcal{X}' :: \Xi' \setminus \Xi_{\mathit{ff}}, \Theta'$.

In order to conclude this case, simply apply rule pu_nil to $\mathcal{X}'$ to obtain the desired derivation $\mathcal{X}$ of $(\Xi', \xi) \setminus \Xi_{\mathit{ff}}, \Theta'$.

$A = A_1 \& A_2$: By inversion, there are two subcases to consider: either $E$ ends in rule Seq_fst, or in rule Seq_snd. We will examine the first of these alternatives. The second is handled similarly. By definition of substitution application, we have

$$E = \dfrac{\begin{array}{c} E'' \\ \Gamma;\Delta \vdash_\Sigma [\Theta]S_1' = [\Theta]S_2' : A_1 > a\end{array}}{\Gamma;\Delta \vdash_\Sigma [\Theta](\pi_1 S_1') = [\Theta](\pi_1 S_2') : A_1 \& A_2 > a}\ \mathrm{Seq\_fst}$$

with $S_1 = \pi_1 S_1'$ and $S_2 = \pi_1 S_2'$. Let $\xi' = (\Gamma;\Delta \vdash S_1' = S_2' : A_1 > a)$.

By definition, $((\Xi', \xi'), \Theta, (\mathcal{E}', E'')) \prec (\Xi, \Theta, \mathcal{E})$. By induction hypothesis on $\Theta$ and $\mathcal{E}', E''$, there are $\Theta'$, $\Theta_{\mathit{ff}}$ and $\Xi_{\mathit{ff}}$ such that

• $\Theta = \mathrm{Can}(\Theta_{\mathit{ff}} \circ \Theta')|_{\mathrm{dom}(\Theta)}$,

• $\mathcal{E}_{\mathit{ff}} :: [\Theta_{\mathit{ff}}]\Xi_{\mathit{ff}}$ and

• $\mathcal{X}' :: \Xi', \xi' \setminus \Xi_{\mathit{ff}}, \Theta'$.

The derivation $\mathcal{X}$ is constructed by applying rule pu_fst to $\mathcal{X}'$:

$$\dfrac{\Xi', (\Gamma;\Delta \vdash S_1' = S_2' : A_1 > a) \setminus \Xi_{\mathit{ff}}, \Theta'}{\Xi', (\Gamma;\Delta \vdash \pi_1 S_1' = \pi_1 S_2' : A_1 \& A_2 > a) \setminus \Xi_{\mathit{ff}}, \Theta'}\ \mathrm{pu\_fst}$$

$A = A_1 \multimap A_2$: By inversion, we have that

$$E = \dfrac{\begin{array}{cc} E'' & E''' \\ \Gamma;\Delta' \vdash_\Sigma [\Theta]U_1 = [\Theta]U_2 : A_1 & \Gamma;\Delta'' \vdash_\Sigma [\Theta]S_1' = [\Theta]S_2' : A_2 > a\end{array}}{\Gamma;\Delta',\Delta'' \vdash_\Sigma [\Theta](U_1\,\hat{;}\,S_1') = [\Theta](U_2\,\hat{;}\,S_2') : A_1 \multimap A_2 > a}\ \mathrm{Seq\_lapp}$$

with $\Delta = \Delta',\Delta''$, $S_1 = U_1\,\hat{;}\,S_1'$ and $S_2 = U_2\,\hat{;}\,S_2'$. Let $\xi' = (\Gamma;\Delta' \vdash U_1 = U_2 : A_1)$ and $\xi'' = (\Gamma;\Delta'' \vdash S_1' = S_2' : A_2 > a)$.

By definition, $((\Xi', \xi', \xi''), \Theta, (\mathcal{E}', E'', E''')) \prec (\Xi, \Theta, \mathcal{E})$. By induction hypothesis, there are $\Theta'$, $\Theta_{\mathit{ff}}$ and $\Xi_{\mathit{ff}}$ such that

• $\Theta = \mathrm{Can}(\Theta_{\mathit{ff}} \circ \Theta')|_{\mathrm{dom}(\Theta)}$,

• $\mathcal{E}_{\mathit{ff}} :: [\Theta_{\mathit{ff}}]\Xi_{\mathit{ff}}$ and

• $\mathcal{X}' :: \Xi', \xi', \xi'' \setminus \Xi_{\mathit{ff}}, \Theta'$.

The required derivation $\mathcal{X}$ is then obtained by applying rule pu_lapp to $\mathcal{X}'$.

$\Xi = \Xi', \xi$ with $\xi = (\Gamma;\Delta \vdash U_1 = U_2 : A)$: $\Xi$ contains a term equation that is not flex-flex. Again, we proceed by cases on the structure of $A$. The situations in which $A$ is not a base type are handled similarly to the case of spines above. We will not go into further details. More interesting are the cases where $A$ is some base type $a$.

By inversion, $U_i = H_i\cdot S_i$ for $i = 1, 2$. We will distinguish cases on the nature of the heads $H_1$ and $H_2$. We first consider the situations where either or both are terms, so that $U_1$ or $U_2$ is a redex. Once these cases are taken care of, $H_i$ can be either a constant, a parameter or a logical variable. Then, we distinguish three cases depending on whether $H_1$ and $H_2$ are rigid or flexible heads (by assumption, $H_1$ and $H_2$ cannot be both flexible).

Again, we will indicate with $E$ and $\mathcal{E}'$ the assumed derivations of $[\Theta]\xi$ and $[\Theta]\Xi'$, respectively. We have that $\mathcal{E} = \mathcal{E}', E$.

Redex-redex: Let $H_1 = V_1$ and $H_2 = V_2$. By inversion on the structure of $E$, this derivation can end either in rule Seq_redex_l or Seq_redex_r. We will assume that the first of these rules is used. The other alternative is treated symmetrically. Therefore,

$$E = \dfrac{\begin{array}{c} E' \\ \Gamma;\Delta \vdash_\Sigma \overline{[\Theta](V_1\cdot S_1)} = [\Theta](V_2\cdot S_2) : a\end{array}}{\Gamma;\Delta \vdash_\Sigma [\Theta](V_1\cdot S_1) = [\Theta](V_2\cdot S_2) : a}\ \mathrm{Seq\_redex\_l}$$

Given a generic term $U$ and substitution $\Theta$, an easy induction on the structure of $U$ suffices to show that $[\Theta]\overline{U} \sim \overline{[\Theta]U}$. Thus, $E'$ is also a derivation of $\Gamma;\Delta \vdash_\Sigma \overline{[\Theta](\overline{V_1\cdot S_1})} = [\Theta](V_2\cdot S_2) : a$. Therefore, by rule Seq_redex_l, there is a derivation $E''$ of

$$\Gamma;\Delta \vdash_\Sigma [\Theta](\overline{V_1\cdot S_1}) = [\Theta](V_2\cdot S_2) : a.$$

Let $\xi'' = (\Gamma;\Delta \vdash \overline{V_1\cdot S_1} = H_2\cdot S_2 : a)$.

By the definition from Section 3.1, we have that $((\Xi', \xi''), \Theta, (\mathcal{E}', E'')) \prec (\Xi, \Theta, \mathcal{E})$. Therefore, we can apply the induction hypothesis, obtaining that there are substitutions $\Theta_{\mathit{ff}}$ and $\Theta'$ and a system of flex-flex equations $\Xi_{\mathit{ff}}$ such that

• $\Theta = \mathrm{Can}(\Theta_{\mathit{ff}} \circ \Theta')|_{\mathrm{dom}(\Theta)}$,

• $\mathcal{E}_{\mathit{ff}} :: [\Theta_{\mathit{ff}}]\Xi_{\mathit{ff}}$ and

• $\mathcal{X}' :: \Xi', \xi'' \setminus \Xi_{\mathit{ff}}, \Theta'$.

Then, by applying rule pu_redex_l to $\mathcal{X}'$, we obtain the desired derivation $\mathcal{X}$ of $\Xi \setminus \Xi_{\mathit{ff}}, \Theta'$.

Redex-any: We proceed similarly to the previous case.

Any-redex: The treatment of this case is again similar.

Rigid-rigid: We proceed similarly to the cases of spine equations and term equations of composite type.

Rigid-flex: By assumption, we have that $E :: \Gamma;\Delta \vdash_\Sigma [\Theta](h\cdot S_1) = [\Theta](F\cdot S_2) : a$, where $h$ is some rigid head.

Since, by Lemma 2.19, the equality judgment induces a congruence over terms, there is a derivation $E''$ of $\Gamma;\Delta \vdash_\Sigma [\Theta](F\cdot S_2) = [\Theta](h\cdot S_1) : a$. Let $\xi' = (\Gamma;\Delta \vdash F\cdot S_2 = h\cdot S_1 : a)$. Now, by definition, $((\Xi', \xi'), \Theta, (\mathcal{E}', E'')) \prec (\Xi, \Theta, \mathcal{E})$. Therefore, we can apply the induction hypothesis and obtain substitutions $\Theta'$ and $\Theta_{\mathit{ff}}$, and a flex-flex equation system $\Xi_{\mathit{ff}}$ such that

• $\Theta = \mathrm{Can}(\Theta_{\mathit{ff}} \circ \Theta')|_{\mathrm{dom}(\Theta)}$,

• $\mathcal{E}_{\mathit{ff}} :: [\Theta_{\mathit{ff}}]\Xi_{\mathit{ff}}$ and

• $\mathcal{X}' :: \Xi', \xi' \setminus \Xi_{\mathit{ff}}, \Theta'$,

where $\xi' = (\Gamma;\Delta \vdash F\cdot S_2 = h\cdot S_1 : a)$. We obtain the desired derivation $\mathcal{X}$ by applying rule pu_rf to $\mathcal{X}'$.

Flex-rigid: Then, $\xi = (\Gamma;\Delta \vdash F\cdot S_1 = h\cdot S_2 : a)$, where $F$ has type $A'$ in the current variable pool. From the existence of $E$, we infer that $\Theta = (\Theta^*, U/F)$ for some canonical term $U$ and substitution $\Theta^*$. Moreover, since $\Theta$ is assumed to be well-typed, $\cdot;\cdot \vdash_\Sigma U : A'$ has a derivation $\mathcal{U}$.

We will distinguish cases on the value of $\mathrm{H}_{S_1}(U)$, which exists since $A'$ is the type of $U$ and the source type of $S_1$.

$\mathrm{H}_{S_1}(U) = G$, for some logical variable $G$: This case cannot arise since otherwise $\Theta$ would not be a solution of $\Xi$. Indeed, by the relative heads lemma (Lemma 3.3), $\mathrm{Can}([\Theta](F\cdot S_1)) = \mathrm{Can}(U\cdot[\Theta]S_1) = G\cdot S_G$, for some canonical spine $S_G$. On the other hand, $\mathrm{Can}([\Theta](h\cdot S_2))$ has head $h$, and $h \neq G$ by assumption.

$\mathrm{H}_{S_1}(U) = x$, for some parameter $x$ such that $x{:}B$ appears in $\Gamma$ or in $\Delta$: In this situation, the resolution of $\xi$ (and $\Xi$) proceeds by projection.

We omit the easy proof by induction on $E$ that $S_1 \downarrow A'$. Moreover, by assumption, $U$ is canonical, $\mathrm{H}_{S_1}(U) = x$ and $\mathcal{U} :: \cdot;\cdot \vdash_\Sigma U : A'$. We are therefore in the conditions of applying the projection lemma (Lemma 3.11). We deduce then that there exist a canonical term $V$ and a canonical substitution $\Theta'$ such that

• $\Gamma;\Delta \vdash A' \downarrow S_1 \Rightarrow V$,

• $\cdot;\cdot \vdash_\Sigma [\Theta']V = U : A'$,

• $\mathrm{Im}(\Theta') \sqsubset U$.

By Assumption 3.6, we have that $V$ and $\Theta'$ mention logical variables that are distinct from any variable appearing in $\Xi$ or $\Theta$. In particular, $(\Theta' \circ \Theta^*) = (\Theta', \Theta^*)$, and $[\Theta']\Theta^* = \Theta^*$ and also $[\Theta^*]V = V$. From this fact, we can deduce the following sequence of equalities:

$$\begin{array}{lcll}
\Theta & = & \Theta^*, [\Theta']V/F & \\
& = & [\Theta']\Theta^*, [\Theta']V/F & \text{since } [\Theta']\Theta^* = \Theta^*, \\
& = & (\Theta' \circ (\Theta^*, V/F))|_{F,\mathrm{dom}(\Theta^*)} & \text{by definition of composition,} \\
& = & (\Theta' \circ (\Theta^* \circ V/F))|_{\mathrm{dom}(\Theta)} & \text{since } [\Theta^*]V = V \text{ and } \mathrm{dom}(\Theta) = (F, \mathrm{dom}(\Theta^*)), \\
& = & ((\Theta' \circ \Theta^*) \circ V/F)|_{\mathrm{dom}(\Theta)} & \text{by the associativity of substitution composition.}
\end{array}$$

By a simple induction, it is possible to ascertain that $[\Theta]\Xi$, i.e. $[\Theta^*, U/F]\Xi$, has a derivation if and only if $[\Theta^*, [\Theta']V/F]\Xi$ has one. Therefore, by the above equalities and the fact that $\Xi$ contains only variables that are in $\mathrm{dom}(\Theta)$, we have that there is a derivation of $[(\Theta' \circ \Theta^*) \circ V/F]\Xi$, i.e., by definition of substitution application, of

$$[\Theta' \circ \Theta^*]([V/F]\Xi).$$

Since $\mathrm{Im}(\Theta') \sqsubset U$ and $(\Theta' \circ \Theta^*) = (\Theta', \Theta^*)$, we have that $\mathrm{Im}(\Theta' \circ \Theta^*) = (\mathrm{Im}(\Theta'), \mathrm{Im}(\Theta^*)) \sqsubset (U, \mathrm{Im}(\Theta^*)) = \mathrm{Im}(\Theta^*, U/F) = \mathrm{Im}(\Theta)$. Notice also that the substitution $\Theta' \circ \Theta^*$ is canonical since it corresponds to $(\Theta', \Theta^*)$ and both components are canonical. We can therefore apply the induction hypothesis obtaining that there exist substitutions $\Theta''$ and $\Theta_{\mathit{ff}}$ and a flex-flex
system  Eff  such  that 

•  000*=  Can(0jgr  O  0")|  dom(0o©-)  - 
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*  %  "  and 

*  X'::[V/F]E\Eff,e". 

Since,  by  the  soundness  of  staged  equality  (Theorem  2.17),  U  =  Can([0]K),  the  sequence 
of  equalities  above  entails  also  that  ©  =  Can((©  o  0*)  o  V/F)\  dom(0)- 
In  order  to  conclude  this  subcase  of  the  proof,  we  take  0'  =  Q"  oV/F,  while  keeping  Qff 
and  Eff  unchanged.  Then, 

*  © 

=  Can((0o0*)ot^/F)|dom(0) 

=  Can(Can(0jgF  O  0")|  dom(©o0*)  ®  ^/ ^)\  dom(0) 

=  Can(Can(0^  o  0")  o  K/T’)|dom(0) 

=  Can((0^o0")ol//T’)|d,„(0) 

=  Can((0^  o  0"),  [0^  o  Q"]V/F)\ dom(©) 

=  Can(0^,  [0^]0",  [0^]([0"]V^/F))|dom(0) 

=  Can(0jy,  [0^](0",  [0"]F/i^)|dom(6) 

=  Can(0^o(0"oK/T’))|dom(©) 

♦  Sff  remains  unchanged. 

•  T  E \  Eg,  [Q"  o  V/F)  by  rule  pu_fr_proj  applied  to  X' . 

HsAU)=c,  for  some  constant  c  of  type  B  declared  in  S.  The  equation  ^  will  be  processed 
by  imitation. 

We  proceed  similarly  to  the  case  we  just  analyzed,  but  rely  on  the  imitation  lemma 
(Lemma  3.13)  rather  than  on  the  projection  lemma.  Moreover,  we  conclude  the  proof 
with  an  appeal  to  rule  pujfrJmit.  eT 


by  the  above  observation^ 
by  induction  hypothesis, 
since  dom(0  o  0*)  C  dom(0), 
because  of  the  outer  normalization, 
by  definition  of  application, 
by  definition  of  composition, 
by  definition  of  application, 
by  definition  of  application, 


3.5  Non-Determinism 

Huet's pre-unification algorithm for λ^→ is inherently non-deterministic since unification problems in this language usually do not admit most general unifiers. Indeed, when solving flex-rigid equations, we may have to choose between imitation and projection steps and, in the latter case, we might be able to project on different arguments. These are forms of "don't know" non-determinism. The presence of a linear context and of constructs that operate on it gives rise to a number of new phenomena not present in the simply typed case.

First of all, the manner in which equations are rewritten in Figure 8 is constrained by the usual context management policy of linear logic. In particular, linear heads in rigid-rigid equations are removed from the context prior to unifying their spines (rule pu_rr_lvar). Moreover, when simplifying equations among pairs, the linear context is copied to the two subproblems (pu_pair), and equations involving ⟨⟩ can always be elided (pu_unit). Finally, when solving spine equations, the linear context must be distributed among the linear operands (pu_lapp) so that it is empty when the end of the spine is reached (pu_nil). As expected, equations among intuitionistic operands are created with an empty linear context (pu_iapp). Context splitting in rule pu_lapp represents a new form of "don't know" non-determinism not present in Huet's algorithm. Standard techniques of lazy context management [CHP96] can however be used in order to handle it efficiently and deterministically in an actual implementation.

A new inherent form of non-determinism arises in the generation of the spine of substitution terms. Recall that such a term $V$ is constructed in two phases: first, we build its constructor layer, recording local intuitionistic and linear parameters in two accumulators $\Gamma'$ and $\Delta'$, respectively, as λ-abstractions are introduced (first and third parts of Figure 9). Then, we construct a spine on the basis of the available type information (second and fourth quarter of Figure 9), installing a fresh logical variable as the head of every operand. The contents of $\Gamma'$ and $\Delta'$ must then be distributed as if they were contexts. In particular, we must split $\Delta'$ among the linear operands (rules fri_llam and frp_llam) so that, when the end of the spine is generated, no linear parameter is left (rules fri_nil and frp_nil). Lazy strategies are not viable in general this time because the heads of these operands are logical variables. Therefore, we must be prepared to non-deterministically consider all possible splits.

Figure 11: Sublanguages of λ^{→⊸&⊤}

This situation is illustrated by the equation

$x{:}a, y{:}a; \cdot \vdash F\,\hat{}\,x\,\hat{}\,y = c\,\hat{}\,(G_1\; x\; y)\,\hat{}\,(G_2\; x\; y) : a$

discussed in Section 3.2. An imitation step instantiates $F$ to a term of the form $\hat{\lambda}x'{:}A.\; \hat{\lambda}y'{:}B.\; c\,\hat{}\,M_1\,\hat{}\,M_2$, where each of the linear parameters $x'$ and $y'$ must appear either in $M_1$ or in $M_2$, but not in both. This produces the four solutions presented in Section 3.2. An actual implementation would avoid this additional non-determinism by postponing the choice between the four imitations. A detailed treatment of the necessary constraints between variable occurrences is beyond the scope of this paper (see Section 4.2 for further discussion; a similar technique is used in [HP97]).
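As an added example (not code from the paper), the following Python enumerates the linear-context splits that rules pu_lapp, fri_llam and frp_llam leave open, and applies it to the imitation step for the equation above, where the accumulator Δ' = {x', y'} must be distributed between M1 and M2; the names split_linear_context, imitation_candidates, LINEAR and INTUITIONISTIC are this example's own.

```python
"""Enumerating linear-context splits for spine operands (added example,
not the paper's code).

A spine equation's linear context must be distributed among the linear
operands so that nothing is left at the end of the spine (pu_nil), while
intuitionistic operands always receive an empty linear context (pu_iapp).
The same discipline governs the accumulator Delta' when the spine of an
imitation or projection term is generated; there every operand head is a
fresh logical variable, so no lazy strategy can decide the split and each
candidate must be produced explicitly.
"""
from itertools import product

LINEAR = "linear"          # operand introduced by linear application (pu_lapp / fri_llam)
INTUITIONISTIC = "intuit"  # operand introduced by ordinary application (pu_iapp)


def split_linear_context(delta, operand_kinds):
    """Return every way of distributing the linear parameters `delta` over
    the operands of a spine whose operand kinds are `operand_kinds`.

    Each split is a tuple with one frozenset per operand.  Every parameter
    lands in exactly one linear operand (never duplicated, never dropped),
    and intuitionistic operands get the empty set.  If parameters remain but
    no linear operand can absorb them, the spine cannot be typed and the
    result is the empty list: this is the pu_nil failure mode.
    """
    linear_slots = [i for i, k in enumerate(operand_kinds) if k == LINEAR]
    if not linear_slots:
        return [tuple(frozenset() for _ in operand_kinds)] if not delta else []
    splits = []
    # one assignment = a choice of receiving linear operand for each parameter
    for assignment in product(linear_slots, repeat=len(delta)):
        per_operand = [set() for _ in operand_kinds]
        for param, slot in zip(delta, assignment):
            per_operand[slot].add(param)
        splits.append(tuple(frozenset(s) for s in per_operand))
    return splits


def imitation_candidates(head, linear_params, operand_kinds, var_prefix="G"):
    """Render the candidate bodies of an imitation term head^M1^...^Mn as
    strings, one per context split, with fresh heads G1, G2, ... applied to
    the linear parameters that operand is allowed (and obliged) to consume.
    An operand whose share is empty is shown with '-'.
    """
    bodies = []
    for split in split_linear_context(linear_params, operand_kinds):
        operands = []
        for i, (kind, params) in enumerate(zip(operand_kinds, split), start=1):
            args = " ".join(sorted(params)) or "-"
            sep = "^" if kind == LINEAR else " "
            operands.append(f"{sep}({var_prefix}{i} {args})")
        bodies.append(head + "".join(operands))
    return bodies


if __name__ == "__main__":
    # Constructed instance of the Section 3.2 equation
    #   x:a, y:a; . |- F^x^y = c^(G1 x y)^(G2 x y) : a
    # after imitation F <- \^x':A. \^y':B. c^M1^M2: the four ways of
    # splitting {x', y'} between M1 and M2.
    for body in imitation_candidates("c", ["x'", "y'"], [LINEAR, LINEAR]):
        print(body)
```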

4  Discussion 

In this section, we consider various sublanguages of λ^{→⊸&⊤} (or equivalently of S^{→⊸&⊤}) obtained by eliding some of the type operators and the corresponding term constructors and destructors (Section 4.1). We also discuss problems and sketch solutions towards the efficient implementation of a unification procedure for λ^{→⊸&⊤} (Section 4.2). Finally, we compare our work to related endeavors in the literature (Section 4.3).

4.1  Sublanguages 

The omission of one or more of the type operators →, ⊸, & and ⊤ and of the corresponding term constructs from λ^{→⊸&⊤} (or S^{→⊸&⊤}) results in a number of λ-calculi with different properties.

First of all, the elision of ⊸, & and ⊤ reduces λ^{→⊸&⊤} to λ^→. The few applicable rules in Figures 8-10 then constitute a new presentation of Huet's procedure [Hue75]. The combined use of inference rules and of a spine calculus results in an elegant formulation that can be translated almost immediately into an efficient implementation.

Since linear objects in λ^{→⊸&⊤} are created and consumed by linear abstraction and application, respectively, every sublanguage not containing ⊸ is purely intuitionistic. In particular, λ^{→&} coincides with the simply-typed λ-calculus with pairs, while λ^{→&⊤} corresponds to its extension with a unit type and unit element; the latter calculus is tightly related to the notion of Cartesian closed category [AL91]. Unification in the restricted setting of higher-order patterns has been studied for these two languages in [Dug93] and [FL96], respectively. The appropriate restrictions of the rules in Figures 8-10 implement a general pre-unification procedure for these calculi. Differently from these proposals, our algorithm can solve any unification problem that admits a solution. However, we can guarantee neither termination in the general case, nor efficiency when dealing with higher-order patterns.

The languages λ^{→⊸&} and λ^{→⊸} are particularly interesting since the natural restriction of our pre-unification procedure is unsound for them in the following sense: we cannot apply our success criterion, since not all flex-flex equations are solvable in this setting. Consider, for example,

$x{:}a, y{:}a; \cdot \vdash F\,\hat{}\,x = G\,\hat{}\,y : a.$

This equation has no solution since $F$ must be instantiated with a term that, after β-reduction, will explicitly use $x$, and $G$ with a term that must mention $y$. Furthermore, whether a flex-flex equation has a solution in λ^{→⊸} or λ^{→⊸&} is in general undecidable, since, for example, $F\,\hat{}\,M_1 = F\,\hat{}\,M_2$ is equivalent to the generic unification problem $M_1 = M_2$. The situation is clearly different in the presence of ⊤, where ⟨⟩ is always available as an information sink in order to eliminate unused linear parameters. However, the usual assumption that there exist closed terms of every type may not be reasonable in that setting, and care must be taken in each application regarding the treatment of logical variables which may have no valid ground instances. In conclusion, pre-unification procedures in the sense of Huet are not achievable in the calculi with ⊸ but without ⊤.

Finally, a restricted form of unification in the purely linear calculus λ^⊸ has been studied in [Lev96]. The above counterexamples clearly apply also in this setting, but we have no result about the decidability of higher-order unification in this fragment.

Figure 11 summarizes the taxonomy of sublanguages of λ^{→⊸&⊤} we just discussed, their relationships and their properties as far as the existence of a pre-unification algorithm is concerned. We have also inserted references to works on the notion of pattern for those languages for which this issue has been the object of research. Patterns in linear languages have not been investigated yet. Some considerations can be found in the next section.

4.2  Towards  a  Practical  Implementation 

Huet's algorithm for pre-unification in λ^→ has been implemented in general proof search engines such as Isabelle [NP92] and in logic programming languages such as λProlog [NM88], and has shown itself to be reasonably efficient in practice. However, the non-determinism it introduces remains a problem, especially in logic programming. This issue is exacerbated in λ^{→⊸&⊤} due to its additional resource non-determinism during imitation and projections.

For λ^→, this problem has been addressed by Miller's language of higher-order patterns L_λ [Mil91], which allows occurrences of logical variables to be applied to distinct parameters only. This syntactic restriction guarantees decidability and the existence of most general unifiers. An algorithm that solves equations in the pattern fragment but postpones as constraints any non-L_λ equation has been successfully implemented in the higher-order logic programming language Elf [Pfe91a]. Unfortunately, an analogous restriction for λ^{→⊸&⊤} which would cover the situations arising in practice does not admit most general unifiers. A simple example illustrating this is

$x{:}a; \cdot \vdash F\,\hat{}\,x = c\,\hat{}\,(F_1\,\hat{}\,x)\,\hat{}\,(F_2\,\hat{}\,x) : a,$

which has the two most general solutions

$F \leftarrow \hat{\lambda}x'{:}a.\; c\,\hat{}\,(F_1\,\hat{}\,x')\,\hat{}\,(G_2\,\hat{}\,\langle\rangle), \qquad F_2 \leftarrow \hat{\lambda}x''{:}a.\; G_2\,\hat{}\,\langle\rangle$
$F \leftarrow \hat{\lambda}x'{:}a.\; c\,\hat{}\,(G_1\,\hat{}\,\langle\rangle)\,\hat{}\,(F_2\,\hat{}\,x'), \qquad F_1 \leftarrow \hat{\lambda}x''{:}a.\; G_1\,\hat{}\,\langle\rangle$

neither of which is an instance of the other. This situation is common and occurs in several of our case studies. For certain flex-flex pattern equations, the set of most general unifiers cannot even be described finitely in the language of patterns under any reasonable definition of this notion. This is illustrated by

$x{:}a, y{:}a; \cdot \vdash F_1\,\hat{}\,\langle x, y\rangle = F_2\,\hat{}\,x\,\hat{}\,y : a,$

for which the generic solution

$F_1 \leftarrow \hat{\lambda}w{:}a\,\&\,a.\; G\,\hat{}\,\langle G_1\,\hat{}\,(\mathrm{FST}\ w)\,\hat{}\,\langle\rangle,\; G_2\,\hat{}\,(\mathrm{SND}\ w)\,\hat{}\,\langle\rangle\rangle$

$F_2 \leftarrow \hat{\lambda}u{:}a.\; \hat{\lambda}v{:}a.\; G\,\hat{}\,\langle G_1\,\hat{}\,u\,\hat{}\,\langle\rangle,\; G_2\,\hat{}\,v\,\hat{}\,\langle\rangle\rangle$

(which is not a pattern) can be instantiated to infinitely many pattern substitutions by properly choosing a term for the new logical variable $G$.

Despite these difficulties, the natural generalization to the linear case of the notion of higher-order pattern introduced by [Dug93] and [FL96] for products leads to a decidable unification problem for λ^{→⊸&⊤}. On this fragment (whose description is beyond the scope of the present paper), termination of the pre-unification algorithm in Section 3 is assured if we also incorporate an appropriate occurs-check as in the simply-typed case. Branching can furthermore be avoided by maintaining linear flex-flex equations as constraints and by using additional constraints between occurrences of parameters. In the first example above, the solution would be

$F \leftarrow \hat{\lambda}x'{:}a.\; c\,\hat{}\,(F_1\,\hat{}\,x')\,\hat{}\,(F_2\,\hat{}\,x')$

with the additional constraint that if $x'$ occurs in $F_1\,\hat{}\,x'$ then it must be absorbed (by ⟨⟩) in $F_2\,\hat{}\,x'$, and vice versa [HP97]. The second equation above would simply be postponed as a solvable equational constraint. Based on our experience with constraint simplification in Elf [Pfe91a] and on preliminary experiments, we believe that this will be a practical solution. In particular, the use of explicit substitutions, investigated in [DHKP96] in relation to Elf, seems to provide a hook for the required linearity constraints.

4.3  Related  Work 

So far, only a very limited amount of research has been dedicated to unification algorithms for linear languages. To our knowledge, the only strictly related work, besides the extensive treatment in this paper, is due to Levy. In [Lev96], he studies a generalization of the contextual unification problem that corresponds to second-order unification in a formalism akin to the purely linear language λ^⊸. He provides a sound and complete unification algorithm (flex-flex equations are indeed simplified) and proves its termination for three specific classes of equations. However, he does not discuss the decidability of the general instance of the problem, which, to our knowledge, is still open. In the context of λ^⊸, our work is more general since the appropriate rules in Figures 8-10 apply to equations of arbitrary order. However, we achieve only pre-unifiers since we keep flex-flex equations as constraints. Instead, when Levy's procedure terminates, it always produces a fully worked-out solution.

Most research on higher-order unification has focused on the simply typed λ-calculus λ^→. The most influential work is still the seminal paper [Hue75] by Huet. The identification of the pattern fragment by Miller [Mil91], and of a terminating and unitary algorithm for it, has had extensive applications and will influence the direction of our future work. These ideas have been extended in [Pfe91b] to more general languages such as the calculus of constructions [CH88], which includes dependent types, polymorphism and the definition of type constructors.

Of some relevance in our context is Prehofer's thesis [Pre95], where he considers the specific case of unification in λ^→ in which the occurrences of logical variables are subject to linear restrictions.

Duggan in [Dug93] extends Miller's work to a calculus akin to λ^{→&} that includes product types and impredicative polymorphism [Pfe91b]. These two additions are orthogonal. The basic intuition behind Duggan's treatment of the pairing constructs is that distinct projection sequences applied to a given parameter can be viewed as distinct parameters as far as Miller's definition of patterns is concerned. He implicitly formalizes this idea by giving an alternative formulation of this calculus that emphasizes the role of projections.

Fettig and Lochner push this idea further in [FL96] by defining a calculus that replaces the need for projections with the possibility of abstracting over pairs and, more generally, tuples. Therefore, they admit terms of the form $\lambda(x_1, \ldots).\, M$. In this setting, their notion of pattern resembles Miller's original proposal. They present a pattern unification procedure for this calculus and prove its soundness, completeness and termination. They extend these results to


5  Conclusion  and  Future  Work 

In this technical report, we have studied the problem of higher-order unification in the context of the linear simply typed λ-calculus λ^{→⊸&⊤}. A pre-unification algorithm in the style of Huet has been presented for the equivalent spine calculus S^{→⊸&⊤}, and new sources of inherent non-determinism due to linearity were pointed out. Moreover, sublanguages of λ^{→⊸&⊤} were analyzed and it was shown that pre-unification procedures are not achievable for some of them.

We are currently investigating the computational properties of the natural adaptation of Miller's higher-order patterns to λ^{→⊸&⊤}. Preliminary examples show that many common unifiable equations do not have most general unifiers due to non-trivial interferences among ⊸, & and ⊤. However, we believe that these problems can be solved through constraint simplification and propagation techniques in a calculus of explicit substitutions.
Notation

(Symbols that could not be recovered from the scan are shown as (?).)

ξ                       Equation
Γ                       Intuitionistic context
Δ                       Linear context
Θ                       Substitution
Ξ                       Equation system
Ξ_ff                    Flex-flex equation system
Σ                       Signature
(?)                     Pool
A, B                    Type
F, G                    Logical variable
H                       Head
M, N                    Term
S                       Spine
(?)                     Partial spine
U, V                    Term
a                       Base type
c                       Constant
h                       Rigid head
x, y, z, f, u, v, w     Variables (parameters)

ℰ                       Equality derivation
(?)                     Multiset equality derivation
(?)                     η-expansion derivation
(?)                     Variable raising derivation
𝒮                       Spine typing derivation
(?)                     Partial spine typing derivation
𝒰                       Term typing derivation
(?)                     Reduction derivation
(?)                     Unification derivation

c:A                     Constant declaration
x:A                     Variable (parameter) declaration
F:A                     Logical variable typing

⊤                       Unit type
A & B                   Additive product
A ⊸ B                   Linear arrow
A → B                   Intuitionistic arrow

⟨⟩                      Unit element
⟨M, N⟩                  Additive pairing
λ̂x:A. M                 Linear λ-abstraction
λx:A. M                 Intuitionistic λ-abstraction
FST M                   First projection
SND M                   Second projection
M^N                     Linear application
M N                     Intuitionistic application
[M/x]N                  Meta-level substitution
Can(M)                  Canonical form

H · S                   Root
⟨U, V⟩                  Additive pairing
λ̂x:A. U                 Linear λ-abstraction
λx:A. U                 Intuitionistic λ-abstraction
NIL                     End of spine
π1 S                    First projection
π2 S                    Second projection
U^; S                   Linear application
U; S                    Intuitionistic application
[V/x]U                  Meta-level substitution in terms
[V/x]S                  Meta-level substitution in spines
Can(U)                  Canonical form
HNF(U)                  (Weak) head-normal form
(?)                     Variable η-expansion
H · S                   Partial root
S @ S'                  Partial spine concatenation

U/F                     Substitution item
(?)                     Displayed substitution item
dom(Θ)                  Substitution domain
Im(Θ)                   Substitution image
rg(Θ)                   Substitution range
Θ|_(·)                  Substitution restriction
[Θ]U                    Substitution application (term)
[Θ]S                    Substitution application (spine)
[Θ]Θ'                   Substitution application (substitution)
[Θ]ξ                    Substitution application (equation)
[Θ]Ξ                    Substitution application (equation system)
Θ ∘ Θ'                  Substitution composition
Can(Θ)                  Canonical form

Γ; Δ ⊢ V : A            Term typing
𝒥 :: J                  𝒥 is a derivation of the judgment J
Γ; Δ ⊢ S : A > a        Spine typing
U → V, S1 → S2          Reduction on terms and spines (the original distinguishes several reduction relations, whose arrows are not legible in the scan)
Γ; Δ ⊢ U = V : A        Equality (terms)
Γ; Δ ⊢ S1 = S2 : A > a  Equality (spines)
H_S(U)                  Relative head (Lemma 3.3)
Ξ \ Ξ_ff, Θ             Pre-unification
(The remaining judgments of the original table, for partial spines, substitution-term generation, variable raising and the subterm relation ⊑, are not legible in the scan.)